This book represents a meeting between the database and security management worlds. Although centered more on security issues related to database systems development and administration, and thus making an excellent guide for a data administrator, it can also be useful for security administrators who are willing to glimpse the work involved in making database management system (DBMS)-based applications secure.
The author is a long-time Microsoft Access developer; thanks to his first-hand experience, he can address security from many points of view. His first perspective is that of the people who work hands-on with the application: the developer, the database administrator, and the information technology (IT) manager. His second perspective addresses the application structure: he maintains that security is attained by splitting an application into several parts, essentially a front-end user interface (UI) file, a back-end data file, and an administration file containing user profiles and permissions. Finally, from the point of view of putting everything in place, he explains that an application can be protected in steps, each harder to implement and manage than the previous one, yet yielding more protection.
The book starts by describing the basic, element-level Access protection features. It then explains how to embed protection mechanisms into an application during its development. Finally, it describes a protection-conscious application management style. Each chapter clearly states the different benefits the developer, the database administrator, and the IT manager can gain from the information presented.
The style of each chapter is plain and explanatory; examples are provided both as step-by-step procedures, complete with the resulting screen outputs, and as written code. In addition, more code, and even entire forms, can be downloaded from the publisher’s Web site. Plain as its style is, however, this is no reference book; it is difficult to locate information of immediate interest. The best use of this book is to read it from end to end, and then come back at a later time looking for specific parts of interest. Neither is this a book for the casual reader; its level is intermediate to advanced. Good knowledge, and maybe some practical experience, of either database or security management is recommended.