If your website uses Microsoft Access (or other file based
database) then particular care needs to be taken to ensure the information
contained within it does not find its way into the hands of malicious users. Needless
to say, sensitive information such as credit card numbers should never be
stored within the database, especially in an unencrypted state.
The following points will help to secure your database.
·
Ensure that the database is not stored in a folder that is accessible
from the website. If the database is in a folder that is accessible from the
website (a large number of hosting companies set up websites this way) then
ensure that you cannot download the .mdb file using a web browser.
·
Remember to password protect your database. This will prevent
casual users from looking in the database, although it is possible to get hold
of utilities that can be used to determine what the password is.
·
Encrypt any sensitive data.