This chapter has provided a high-level overview of how to secure databases, in particular SQL Server and Microsoft Access. The principle for securing databases is simple: authenticate everyone who uses the database, use authorization to limit access, and lock down the server to ensure the only people who are using the database are both authenticated and authorized. Although Microsoft Access can be secured, for enterprise applications supporting a number of users or for supporting a connection to Internet Information Services (IIS), SQL Server is by far the best database choice—because it has a much richer security model and offers finer tuning of permissions.