Re: Secure BE



"Bdavis" <Bdavis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:23C1C118-B56F-4856-8482-620F57CDC129@xxxxxxxxxxxxxxxx
>I apoligize ahead of time becasue this relates to something very simple
>that
> I'm over looking but; I'm having traouble figuring out how to secure the
> back-end of an application.
>
> I load the FE which is secured (access 2003) onto all the clients and
> accessed via a shortcut which references the server based workgroup. The
> FE's tables are all linked to the BE which is stored on the server. But
> any
> of the clients can just open up the BE if they figure out the location and
> read the tables.
>
> I'm trying to avoid clients getting into the back-end at all. I've tried
> adding a password but the then the FE can't access the tables.


If you set a database password on the BE you then need to delete the linked
tables in the FE and recreate the links. You'll be prompted for the
database password on the BE and it will work. However, you should know that
it is quite easy to break the database password.

There are some things you can do to keep the idle curious out, however again
you cannot stop the determined.

You can hide the BE (put it in \\server\share$ rather than \\server\share )
That will hide it in Windows Explorer, but if users know the path they can
get to it.

You can create an autoexec macro in the BE that issues the Quit action -
that will close the BE as soon as it's opened directly. If you do this,
you'd want to disable the shiftkey bypass, in case your users know about
that.

As I said, these things won't keep the determined out, but may be sufficient
for your purposes.

--
Joan Wild
Microsoft Access MVP


.



Relevant Pages

  • Re: subtext search in encrypted text
    ... > * clients access the system by communication with a application server ... both a client certificate and a server certificate. ... How secure is the memory of the phone? ...
    (sci.crypt)
  • Re: SSHD revelaing too much information.
    ... Many kid scripts don't give a damn what the service banner ... if that's not an option (public server that has clients from random ... networks) then make sure you're running a known secure version. ...
    (FreeBSD-Security)
  • Re: Calling clients from web service
    ... The polling method is the safest and most secure way. ... force the clients to poll the server (which you can tune or load balance to ... distribute the server volume). ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: FTP through Secure Tunnel SSH SSL Questions - PLEASE help :-)
    ... Some clients have now requested that we use a secure ... Do I have to have a ftp secure server running? ...
    (comp.security.ssh)
  • Re: Distributing user-developed Linux software and licensing issues.
    ... that makes almost uncrackable encryption is no secret, ... In this case being open-source is more secure. ... That can be automated to generate the clients ... > Do open source web servers include the full source to ...
    (Fedora)