Best security practice

P

Peter Taylor

Hi,

Just want to sound some ideas out regarding the security of MS Access
developments. To date the most secure client to client development e.g.
access BE and FE i have done involves:

Making an MDE FE
Setting the DB password on the BE
Getting the MDE FE to dynamically link the tables and pass the BE password to
allow table attachment.
Using the above method prevents people from trying to link/import objects
from either the FE or the BE.
Using an MDE FE prevents the users from trying to import the form to find out
the password from the code.

I have also disabled the shift key for the startup options. So all in all its
secure to a certain extent.

I have come to relalize that you can create a new project and re-enable the
shift key on any access development via VBA. Are there any workarounds that
can prevent this?

So there are a few things that niggle me that I want to share to see if
anyone could through me some suggestions. Bearing in mind its for client to
client, not client to server as my business area can't get signoff for an SQL
server.

First off!

I'm aware that you can link/import tables queries and reports etc from any MS
Access development. Is there anyway other than setting the DB password or
working with the security wizard in access that can prevent this?

My aim is to keep the objects and thus the data safe. I know its really easy
to crack the DB password, so i'm just no happy using it.

So, what about the security wizard. I havn't really used this feature
although i'm sure its easy to use VBA and build a better GUI and getter AI to
do perform some more functionality. Is this the route to go? Does it
provide a better layer of security? Would it prevent someone using another
project to try and alter settings in a protected DB e.g. the bypass startup
key?

I await your responses :eek:)

Sulphy.
 
J

Joan Wild

Peter said:
Hi,

I have also disabled the shift key for the startup options. So all in
all its secure to a certain extent.

All of the above can be bypassed by the determined.
I have come to relalize that you can create a new project and
re-enable the shift key on any access development via VBA. Are there
any workarounds that can prevent this?

If you implement security, you can disable the shiftkey bypass such that
only members of the Admins Group can set it back.
http://www.mvps.org/access/general/gen0040.htm
I'm aware that you can link/import tables queries and reports etc
from any MS Access development. Is there anyway other than setting
the DB password or working with the security wizard in access that
can prevent this?

Not really.
My aim is to keep the objects and thus the data safe. I know its
really easy to crack the DB password, so i'm just no happy using it.

So, what about the security wizard. I havn't really used this feature
although i'm sure its easy to use VBA and build a better GUI and
getter AI to do perform some more functionality. Is this the route
to go? Does it provide a better layer of security? Would it prevent
someone using another project to try and alter settings in a
protected DB e.g. the bypass startup key?

Yes it would be better. Access security can be broken as well. It's a
matter of what you think your users will do?

Since you can't use SQL Server, implementing Access security is another
layer of obfuscation you can apply.

You can also create custom menus/toolbars for use throughout your
application; create a startup form; disable menus/toolbars, hide the db
window, etc. But you've probably done all that as well.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top