Access I'm not sure that I would call Access vulnerable any more than other databases are to most common attacks such as SQL injection. I certainly agree that Access is not as robust and bad code would allow Denial Of Service attacks. Fortunately the Access SQL logic and tables are easily ported to other databases. I'm sure that it has a lot to do with my first programming experiences but I find the ASP/Access combination easier for rapid prototyping. I also find the resulting product capable of handling reasonably robust demands. As noted before, I do intend to rewrite in PHP/MySQL.
As someone who ends up supporting other people who want to use this kind of software... please, please, please make sure that your kit can run with a postgresql backend in addition (or, perhaps, in preference) to mysql. MySQL is *terrible*, as relational databases go. thanks, --elijah