access db on webserver and local network

J

John F

I want to set up a database on (or mapped from) my webserver that can be read
and written to by an internet user and by users on my internal network. My
issue is the location and sharing of the .mdb file. I'm using ASP and have no
problem with the web side of the project, but I want to make it accessible
(npi) from my internal network. I envisioned a setup like this:

Web ----- Router------DMZ------Web Server
| |
| X
| |
| DB Server
| |
----Internal Network---


Configuration A

The web server is a W2K3 Standard server using IIS 6.0, the Internal Network
is a W2K3 Standard Server Domain, and the db server is an XP client member of
the internal domain, with the db folder set for everyone's use.

The connection between the webserver and the DB server was intended to be a
crossover ethernet cable (the X in config. A) but I could not get the shares
to work.
I changed to a regular dedicated segment with fixed IP's but could
only get the shares to work in the wrong direction. see config B.

Web ----- Router------DMZ------Web Server
| |
| --------
| |
| DB Server
| |
----Internal Network---------

Configuration B


My first question is, is it safe to configure like this:

Web ----- Router------DMZ------Web Server
| |
| |
| |
----Internal Network---


Configuration C

In this configuration, the database would be on the web server, the
webserver would join the internal domain and share the database folder on the
internal network - what safeguards are needed to keep the hackers at bay? How
do I keep the servers from sparring over the internal domain?

I would prefer to use config A so that I don't have servers on the same
network, and somewhere I heard that a separate database server is good idea,
but can an XP Pro machine do that? Do I need to enable IIS on it to get the
share to work on both sides?
I will also post this in the Web Services General group -
TIA
 
A

Arvin Meyer [MVP]

For safety's sake, I would set up a hardware firewall between the web and
the router. You should be able to set up a DSN to connect your ASP app to
the database without any problem. Yes, you need to enable IIS, and you need
to give I_USR all permissions with the exception of Full Control. You can
use any Windows machine as a JET database server, but it really doesn't make
any difference if you use a separate machine for a server or not. The only
time I've ever used a separate machine is if there is really heavy usage
(and I prefer a SQL-Server engine for that) or for security purposes (and I
prefer SQL-Server if security needs to be really stringent)
 
J

John F

thanks - I left the firewall out of the sketch but I do have one. My
problem is that when I put the db on the separate server I can't map a drive
to it, which I need for my connection string. I realize this is a share
problem rather than an Access problem, but are you suggesting that enabling
IIS on the XP machine will solve that?
 
J

John F

I put Config C up and the shares work fine - now I have a new problem, I
can't view my websites, presumably because the port 80 requests are going
through the local segment rather than out to DNS and back. Topic for a
different forum, I know. Thanks for the help with the Access side of it.
 
J

John F

Persistence pays! I got config B to work by sticking a Net Use line in a
startup batch file on the web server. Windows Explorer couldn't find the xp
box but Ping could, so I tried Net Use and it worked. All is well! Thanks
to all for proposed solutions, I learned a lot!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top