Re: Deleting .mdw file removes security
From: Phone Home (PhoneHome_at_discussions.microsoft.com)
Date: 11/05/04
- Previous message: J: "Importing/Linking tables"
- In reply to: Joan Wild: "Re: Deleting .mdw file removes security"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 5 Nov 2004 10:21:06 -0800
I was successful.
FYI: The one thing that I can clearly identify that I did different was to
end the process by setting the "database" priviliges for the ADMIN user ane
USERS uer group as follows:
1. I checked the run and run exclusive boxes and then I clicked on the
Apply button.
2. I then unchecked these same two boxes and again hit the Apply button.
I did this because the documentation you refered me to said that ACCESS
2000 had a bug where under certain conditions (having to do with the
WIZARD), these privilges might appear unchecked in the security menus yet
still be some-how active.
I don't know if this final step was the magic bullet that made things work
(or for that matter did anything at all), but it might be something to
suggest if somebody else runs into this problem.
By the way, I am working under ACCESS 2003.
Thanks Joan Wild. Without your input, I might well have given up and
settled for some clumsy-sort-of-effective workaround. And while I'm at it,
thanks for getting back to me so quickly.
Sincerely
Phone Home
"Joan Wild" wrote:
> Phone Home wrote:
> >
> > I think I need to explain the problem a bit better. I did create my
> > own .mdw file using the WIZARD. ADMIN was moved out of the ADMINS
> > user group. I put all my intended database gods into a new user
> > group with full privaliges and set up other user groujps to taste.
>
> See that's not the exact steps to follow, and I think that is the source of
> your problem. You *must* follow *every* step outlined in the faq. What
> version of Access are you using? You shouldn't rely on the wizard in
> version 2000.
>
> It sounds to me as though you missed a crucial step - you mention giving
> full privileges to your new group, however it sounds as though the Admin
> user owns everything.
>
> >
> > I tried to restrict (actually to illiminate) privilages to the ADMINS
> > user group, but ACCESS seems to always put them all back (which seems
> > consistent with the documentation if I'm reaidng it right).
>
> This should not be a problem. You can remove permissions to the Admins
> Group (but I don't think this has anything to do with your problem).
>
> >
> > My security works fine as long as the database has access to the .mdw
> > file. The problem is that if a malicious snooper wants full
> > privilages to my database, all he has to do is delete the .mdw file.
> >
> > With the mdw file not available at run time, ACCESS creates a new
> > .mdw file with ADMIN in ADMINS (with full privilages). With the new
> > .mdw, ADMIN has no password, so my hacking smoothy is escorted in
> > under the user, ADMIN without even having to log in.
>
> You have definitely missed a step in securing it. Follow the detailed steps
> in order. If someone deletes the mdw you used to secure it with, they
> should not be able to even open the database.
>
> --
> Joan Wild
> Microsoft Access MVP
>
>
>
- Previous message: J: "Importing/Linking tables"
- In reply to: Joan Wild: "Re: Deleting .mdw file removes security"
- Messages sorted by: [ date ] [ thread ]
