Re: database split before or after security?

"jacksonmacd" <jackMACmacdo0nald@xxxxxxxxx> wrote in message
news:ljpb229vq5eqhr8p585pdvhq37rhpuov9s@xxxxxxxxxx
On Sat, 25 Mar 2006 09:08:31 -0500, "Joan Wild"
<jwild@xxxxxxxxxxxxxxxx> wrote:

Charlie via AccessMonster.com wrote:
Hi Access Heros,
I created a new database in Access 2003. I created a new workgroup
file as owner. As owner, I created a new database and imported
tables from original db for my backend. Then I created another
database, as workgroup owner and imported queries, forms and reports,
as frontend. Does it make sense to do it this way? Doesn't this set
security on both the backend and frontend?

That alone does not. When you import objects, their permissions don't come
with them, so you have to set them again.


Joan

I didn't know that -- actually I thought you were wrong, but
experimentation proved to me that you were right.

For example, I logged onto a secure workgroup as a user who has
ReadData/Write on many tables, ReadData on a few tables, and
ModifyDesign permission on no tables. Imported some tables into a
brand-new database created by that user. I was able to
read/write/design all the tables, just as you suggested.

This means that a knowledgeable, motivated, and perhaps malicious user
could simple create a new database from one for which s/he had
ReadDesign permission, copy all the objects into a new database, and
replace the official database with this new, compromised database. The
user would be able to modify data in any table for which s/he had
previously been denied Write permission.

No need for a password cracking program! [snip]

As stated often...If you need to protect the data from non-users use network
security. If you need to protect data from *users* then don't put it in an MDB
file.

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com


.

Relevant Pages

  • Re: Dual Workgroup - Problem with creating administrators
    ... Every user must have permission to open the database. ... Administrators can have permission to open the database, ... If you use this workgroup, that user will now be able to enter any ...
    (microsoft.public.access.security)
  • Re: 2007 wont open older format database
    ... The database is a 2000 format ... (which is overridden by using that shortcut with the secure workgroup command ... permission if the db is secure. ... Find out what the actual error message is when she tries to open the db.. ...
    (comp.databases.ms-access)
  • Re: PHP Query Issues on Ingres R3 Linux Version
    ... If a table is owned by the DBA (the database owner) then there is no ... "permission" thing so much as an object ownership issue. ... An object which is not prefixed by a schema name is found by looking ...
    (comp.databases.ingres)
  • RE: Truncated INSERT statements when using sp_generate_inserts by Vyas
    ... SET NOCOUNT ON ... This procedure is also useful to create a database setup, ... ALSO NOTE THAT THIS PROCEDURE IS NOT UPDATED TO WORK WITH NEW DATA TYPES INTRODUCED IN SQL SERVER 2005 / YUKON ... IF @owner IS NULL ...
    (microsoft.public.sqlserver.programming)
  • Re: SQL 2005 Express-Database does not have a valid owner?
    ... That means that the database's owner is MYDOMAIN\MyUserName ... My design machine is running Windows XP Pro. ... database diagram. ... Database diagram support objects cannot be installed because this ...
    (microsoft.public.sqlserver.security)