防止直接访问后端数据库 [英] Prevent direct access to the backend database

问题描述

我遇到了这个问题，我可以为我的应用程序/数据库创建一个安装程序，但是每个人都可以打开作为MS Access数据库的后端文件.我想要它，所以我们只能使用前端应用程序访问数据库.请帮我解决这个问题.

I have this problem, I can create a setup for my app/database but everyone can open the backend file which is an MS Access database. I want it so we can only access the database using the frontend app. Please help me solve this.

推荐答案

您肯定希望对文件进行密码保护.但是，有了访问权限，有很多免费的应用程序可以查询访问文件并提取密码.

唯一真正安全的方法是将数据库托管在某个地方的SQL Server实例上.您可以尝试加密文件，但是如果两个人试图同时访问文件，则必须弄清楚如何处理.您是否在应用程序运行的整个过程中解密文件，以允许其他人访问该文件，然后在用户关闭该应用程序后对其进行加密?如果用户从任务管理器"中杀死程序，而现在您拥有一个解密的文件，会发生什么?

关键是，如果您担心完全保护Access的安全，则不要使用Access.

you would definitely want to password protect the file. Though, with access, there are plenty of free applications that can query the access file and pull out the password.

The only real secure way to do this is to host the database on a SQL server instance somewhere. You can try encrypting the file, but then you''d have to figure out how you are going to handle if two people are going to try to access the file at the same time. Do you decrypt the file during the entire time the application is running to allow others to access the file and then encrypt it once the user closes the application? What happens if the user kills the program from the Task Manager and now you have a decrypted file?

The point is that Access is not the product to use if you are worried about keeping it completely secure.

要么不使用MS Access，要么不使用密码保护文件

Either don''t use MS Access or password protect the file

另一种替代方法是将数据库置于Web服务之后.这样，除了通过Web服务之外，没有人可以直接访问数据库.

Another alternative is to put your database behind a web-service. That way no one can directly access the database except through the web service.

这篇关于防止直接访问后端数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！