A secure database accessible through the worldwide Web

Abstract

Database access through the World Wide Web can combine the advantages in using each of them It permits people to work away from their offices, and to carry out money transfers over the Internet There have been, however, some limitations to this. First, many of the database management systems do not provide support to put their data onto the Web. Then, the Hyper Text Transfer Protocol (HTTP) did not provide sufficient support to ensure the type of security needed by particular database management systems and real world problems using databases. The need of the ability to access any database without using proprietary tools was another limitation Open DataBase Connectivity (ODBC) drivers were used to access a database with standard calls World Wide Web Servers have been developed to support ODBC, so that database access through the Web is possible to a limited extent. The issue of security is handled by different methods in applications. Very expensive proprietary software is available from a few vendors. This research was carried out to develop a method to solve the limitations identified and to develop an example database. The main security issues when a web browser accesses a database, are to handle login names and passwords when people move from one web page to another, and to prevent accessing a site without logging in, using a bookmark put during a previous session. Microsoft Internet Information Server , running on Windows NT Server version 4 0 was used as the WWW server which presents the data to the Web A Microsoft Access database was used with ODBC drivers to maintain the data .Although an Access database is not secure on its own, security features were added programmatically. The system consisted of several Web pages, each depicting the functions that can be carried out. A database of customer information in a company was used as an analogy These include logging into the database, insertion of new data, querying the database, deleting records etc The system was able to handle login/password security, and to identify bookmarking Thus the security of data is ensured. There were some limitations which prevented specific Web page formats, but as a whole the system was fully functional.