Application Security

[Dallas Miller]

I am setup security in an Access 2002 application and I
have a question about using the workgroup information
file for security. I would like the system to grab the
user's network id and look them up in the workgroup
information file and then grant them the appropriate
rights. This way they do not need to log onto the
application. Is this possible or is the second login the
only way?

Any help would be greatly appreciated.

Thanks,
Dallas Miller.

 

[Paul Overway]

The second log-in is the only way. And realistically, if you could do what
you indicate, it would be less secure...i.e., suppose an unauthorized person
used an authorized person's workstation while they were away from their
desk.

 

[Dallas Miller]

Paul,

Thanks for the quick response. I was 99 percent sure of
the answer but I thought I would give it a try. That is
too bad that Access does not allow this. Many
applications today take advantage of the Active Directory
security so users do not have to log into the
application, just the network. Maybe in the next release.

Thanks Again,
Dallas

 

[Albert D. Kallal]

You can however grab the users network logon id, and use code to test what
security groups that user id belongs to in the workgroup file.

So, you can eliminate the logon prompt, but still design your application
around users and what security groups they have access to. However, this
does mean that you will have to write code to "check" things.

I suppose you could however build a start-up program that launches ms-access
with the correct username in the start-up. That way, you could eliminate the
logon prompt, and in fact actually use ms-access security. It would not
really that secure as each user would not have a password, but since you are
NOT prompting for the password or the user name, it would be a bit tricky
for users to figure out how to actually logon with a legitimate user name
since no logon prompt is occurring!

You could create a small file that you run, and it would shell out to
ms-access with the workstation name passed as the username.

Before using security, I generally lock up and complete hide the ms-access
interface anyway (you don't need code or any security to hide and lock up
the interface anyway..but just need to use tools->start-up options).

Once you hidden the ms-access interface, you can then start to implement
security for who can use what forms and what tables. So, really, likely you
can come up with a reasonable system that is based on the network logon
name.

 

[Jack MacDonald]

Another option is to code the username and password into the shortcut
that launches your application. Of course, this only makes sense if
the shortcut is stored in a secure location such as the user's home
folder on the network. Otherwise the name and password is accessible
as cleartext in the shortcut.

Paul,

Thanks for the quick response. I was 99 percent sure of
the answer but I thought I would give it a try. That is
too bad that Access does not allow this. Many
applications today take advantage of the Active Directory
security so users do not have to log into the
application, just the network. Maybe in the next release.

Thanks Again,
Dallas

**********************
(e-mail address removed)
remove uppercase letters for true email
http://www.geocities.com/jacksonmacd/ for info on MS Access security

 

[Peter De Baets]

There are many alternatives to using Access Security when it comes to
securing your database.

A shareware version of a simplified user security add-in that allows
automatic login using network username - LASsie (Light Application
Security) for MS Access - is available for download here:
http://www.peterssoftware.com/las.htm

For a comprehensive look at this issue, Garry Robinson has written a
great book entitled "Real World Microsoft Access Database Protection
and Security". More info is here:
http://vb123.com/map/

Hope this helps,

Peter De Baets
Peter's Software - MS Access Tools for Developers
http://www.peterssoftware.com