Re: Microsoft Access Security Best Practices when linking to a SQL back end
From: Lynn Trapp (ltrappNoSpam_at_ltcomputerdesigns.com)
Date: 02/09/05
- Previous message: Brendan Reynolds: "Re: workgroup information file using OLE DB"
- In reply to: tdmailbox_at_yahoo.com: "Microsoft Access Security Best Practices when linking to a SQL back end"
- Next in thread: tdmailbox_at_yahoo.com: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Reply: tdmailbox_at_yahoo.com: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Reply: TC: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 9 Feb 2005 14:22:57 -0600
I'm assuming that you will keep the Access frontend. Is that a correct
assumption? If it is, then your IT personnel are making an erroneous
assumption. Before Access can verify the username and password in the SQL
Server table, it will have to actually be opened and have some query run
from a startup form. If the authentication fails, then you could force
Access to close. On the other hand, the built in user level security in
Access authenticates the user before the database actually opens.
Furthermore, it will be significantly easier for users to mine passwords
from the SQL table than from the .mdw file. Also, attempting to create your
own security algorithm is not going to be an easy task.
-- Lynn Trapp MS Access MVP www.ltcomputerdesigns.com Access Security: www.ltcomputerdesigns.com/Security.htm <tdmailbox@yahoo.com> wrote in message news:1107979803.145244.185650@g14g2000cwa.googlegroups.com... > Does anyone know where I can find a best practices type document on > access security? Basicly I have a access database application I am > writing with a SQL server back end for a bank client. The application > was originally written to use access's own .mdw file for security. > > However there is a push by the internal IT staff for me to move the > security into a table inside the SQL database. I am not really sure > what advantages this would provide and I am trying to make sure I am > not missing something. They are not looking to premission each user on > the SQL database, they are looking for me to create a user table inside > the SQL backend for the database that I built and have the access > databse call that table to verify permissions before granting access to > the application. > > I am trying to determine if there is any advantage to configuring > security that way rather then using a .mdw file. > > Can anyone shead some light on why using an internal(or in this case > linked) table would be better to store user ids and password? >
- Previous message: Brendan Reynolds: "Re: workgroup information file using OLE DB"
- In reply to: tdmailbox_at_yahoo.com: "Microsoft Access Security Best Practices when linking to a SQL back end"
- Next in thread: tdmailbox_at_yahoo.com: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Reply: tdmailbox_at_yahoo.com: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Reply: TC: "Re: Microsoft Access Security Best Practices when linking to a SQL back end"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
