Re: Is someone hacking into our database?
- From: eagle <eagle@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Dec 2006 11:26:00 -0800
Thank you all so much for your help -- it has been invaluable. I have one
more question, though. When I talked to the other person who is technically
over the databases, she said she talked to a consultant the agency hired to
look at our data systems, and the consultant said that you never, never want
to use Access databases to store large amounts of data like ours (our backend
is only about 90-100 mb in size) because the database goes screwy and begins
deleting its own data. I responded that I was very surprised at this because
my understanding was that Access could hold a lot more data than we have. I
also said that I heard that the real issue with using Access is that you
never want to use it to store sensitive client data, but have never heard
that it eats its own data if it gets too big. But -- I just wanted to check
this out with you. Does Access go haywire if it gets too big, causing loss
of data?
Our agency is currently working with a consultant (the one who made the
statement about Access eatings its young) to look over our systems, servers,
etc. and recommend and build (she's also a programmer, I guess) a system that
is "right" for us. I have reported to my superivisors the security issues of
using our access database for our sensitive client records, and that I'm
concerned for how to keep it secure while this consultant is building a
different system, but that I know of no way to keep it secure (due to the
possibility of password hacking) -- but (one more question) do you know of a
way to keep it secure while waiting on a new system?
Thanks so much for your help. :-)
"Joan Wild" wrote:
.
--
Joan Wild
Microsoft Access MVP
eagle wrote:
I'm still thinking about your reply. I guess I'm not completely sure
what you mean by someone changing things from their standard
system.mdw workgroup. I changed to that workgroup, then opened the
secured workgroup file, and could view things, but wasn't able to
change anything.
OK, but are able to add users. You are logged in (silently) as Admin, which
is a member of the Admins Group in system.mdw. Therefore you are able to
add users in that workgroup. However, you are only adding users in that
workgroup. You aren't able to add this new user to any of your secure
groups, because they don't exist in the system.mdw. Groups/Users/passwords
are stored in the mdw. Permissions are stored in the mdb.
The only way I was able to make changes
in the secured workgroup file was to login to the database via the
secure workgroup, and make changes via Tools, Security, User and
Group Permissions....but only when I logged in as the SuperUser (with
all permissions). Does this make sense?
Yes it does. So what you are saying is that someone is creating a new user
in your secure mdw. Only members of the Admins Group (or someone with
administer permission) can do this.
I just know that something
bad is happening with the database here, and is full of sensitive
client information, and I am the one responsible for it, and need to
nail down what is happening so I can stop it fast. Please help.....
If you are dealing with such sensitive information, the data shouldn't be in
a Jet database. Access security can be broken (just do a search at Google).
You should put the data in a more secure database, such as SQL Server. You
can still use Access as the frontend to this data.
--
Joan Wild
Microsoft Access MVP
- Follow-Ups:
- Re: Is someone hacking into our database?
- From: Joan Wild
- Re: Is someone hacking into our database?
- References:
- Re: Is someone hacking into our database?
- From: Joan Wild
- Re: Is someone hacking into our database?
- From: Joan Wild
- Re: Is someone hacking into our database?
- Prev by Date: Re: get error message when running a query
- Next by Date: Re: Front end, Back end, and restrictions on which Forms can open.
- Previous by thread: Re: Is someone hacking into our database?
- Next by thread: Re: Is someone hacking into our database?
- Index(es):
Relevant Pages
|
