Your opinion on module passwords

[Duncan Hsu]

Hi,

Like to see how many people like MS's change
of Access 97's module security.

I don't see much discussion on this issue
and would like to get a sense of it before
writing to Microsoft.

Personally, I don't like it. I usually allow
developers to have read+write right to module+
form_class. Once stabled, I will remove the
write permission while allow developer to
look at the code. This also help new comer
to learn from the existing code. For sensitive
codes, I can simply remove both the read and
write.

With the new module password, I think I
will lose those control and end up all
or nothing. Am I correct?

Thanks. Duncan

 

[Douglas J. Steele]

Given it changed in Access 2000, and Access 2003 will be released very soon,
I think you've left it a little late to complain.

 

[Duncan Hsu]

I understand that. But I am not sure what MS' thinking.
MS seems to move on the wrong direction. W311/W95/W98/Me's
share folder used to be 'shared password/secret' based.
NT/XP/2K3 are now 'role' based. I think people understand
that shared password is not secure - it's simply a
lazy-bone's approach to security. I think MS can provide
it as an option - like Access database password. But
replacing a role based security with shared password -
it just dumb. Duncan

 

[Brendan Reynolds \(MVP\)]

In Access 97 and earlier, Access implemented it's own VBA editor. Because it
was part of Access, it was able to use Jet user-and-group-level security
just like any other component of Access. In Access 2000 and later, Access no
longer implements it's own VBA editor, but uses the same editor as other
VBA-enabled applications such as Word and Excel.

It was a significant loss of functionality in that you used to be able to
give different users and groups different permissions. I'm not sure that
there was any major weakening of security though - Jet user-and-group-level
security is not unbreakable either. But it is a dead issue. There is no
possibility of it changing now.

What will change, however, is that Access 2003 supports digital signing of
code. I'm not particularly happy about the way it is implemented, but it
does mean that if someone other than the author modifies the code, everyone
will know about it, because the digital signature will be invalidated.

 

[Duncan Hsu]

In Access 97 and earlier, Access implemented it's own VBA editor. Because it
was part of Access, it was able to use Jet user-and-group-level security
just like any other component of Access. In Access 2000 and later, Access no
longer implements it's own VBA editor, but uses the same editor as other
VBA-enabled applications such as Word and Excel.

I was suspecting that.

MS seems don't have a grand plan on security. If VBA and
ACCESS both implement the option to take SID from either
..mdw or NT account, then things will workout fine - for
Win98 style, people can use .mdw. For NT style, people
can use NT account. It seems what MS need is to protect
all VBA with user level security instead of protecting
all VBA using password.

Certificate can be think of just another SID and should
be able to make it work with user level security.

 

[Brendan Reynolds \(MVP\)]

If there is a 'grand plan' its name is .NET.

Other than fixes for serious vulnerabilities, don't expect to see major
innovations in either JET or VBA security.