Re: Is someone hacking into our database?



--
Joan Wild
Microsoft Access MVP

eagle wrote:
I'm still thinking about your reply. I guess I'm not completely sure
what you mean by someone changing things from their standard
system.mdw workgroup. I changed to that workgroup, then opened the
secured workgroup file, and could view things, but wasn't able to
change anything.

OK, but are able to add users. You are logged in (silently) as Admin, which
is a member of the Admins Group in system.mdw. Therefore you are able to
add users in that workgroup. However, you are only adding users in that
workgroup. You aren't able to add this new user to any of your secure
groups, because they don't exist in the system.mdw. Groups/Users/passwords
are stored in the mdw. Permissions are stored in the mdb.

The only way I was able to make changes
in the secured workgroup file was to login to the database via the
secure workgroup, and make changes via Tools, Security, User and
Group Permissions....but only when I logged in as the SuperUser (with
all permissions). Does this make sense?

Yes it does. So what you are saying is that someone is creating a new user
in your secure mdw. Only members of the Admins Group (or someone with
administer permission) can do this.

I just know that something
bad is happening with the database here, and is full of sensitive
client information, and I am the one responsible for it, and need to
nail down what is happening so I can stop it fast. Please help.....

If you are dealing with such sensitive information, the data shouldn't be in
a Jet database. Access security can be broken (just do a search at Google).
You should put the data in a more secure database, such as SQL Server. You
can still use Access as the frontend to this data.


--
Joan Wild
Microsoft Access MVP


.

Relevant Pages

  • Re: Access Security not secure
    ... You join the mdw you want to secure it with. ... Then you remove all permissions (including those for the database object) ... >>Microsoft Access MVP ... >>> In your test with using a new workgroup and running the ...
    (microsoft.public.access.security)
  • Re: /wrkgrp switch
    ... Now that you have the target working, you should be aware that your original ... >> Microsoft Access MVP ... >>> I have set up a workgroup file called Reports.mdw ... >>> When I join my database to this file using Access Security the ...
    (microsoft.public.access.security)
  • Re: Creating a workgroup, Secure database, join a workgroup????
    ... The only thing that comes to mind is that you are not using the workgroup ... modifying a previously created workgroup file. ... start over with an unsecured copy of your database, ... Microsoft Access MVP ...
    (microsoft.public.access.security)
  • Re: Cleared Admin Password now cant open database
    ... Have your system administrator or the person who created ... you likely are not using the correct workgroup file. ... Microsoft Access MVP ...
    (microsoft.public.access.security)
  • Re: SECURE A LINKED DATABASE
    ... > Doug Steele, Microsoft Access MVP ... Now I need to get the database to run on the new workgroup all ... >>> and jmwild web site. ... Can you tell what I have done in the target line. ...
    (microsoft.public.access.security)
Loading