Re: How do I lock the unhide database window menu option?

On Fri, 20 Jul 2007 18:00:50 +1200, "Chris Mills" <phad_nospam@xxxxxxxxxxxxxx> wrote:

First things first: If you have truly sensitive information, Access is NOT
the place to store it. Consider moving your
data storage to a true server database (MS SQL Server, MySQL, Oracle, etc)
if you need real security. Access security is
weak and easily broken.

This can be a bit of a glib statement, since SQL Server for instance, requires
something else as an intimate front end. Such as, MS-Access!!! (!!!!!) So if
they can break into MS-Access, then they can get into SQLServer data!!!
(!!!!!) (depending on the password procedures etc, but ALWAYS they will have
access to data they are authorised to view, in this case in tabular mode which
the developer might not want them to have!)

I don't see it as glib ... it's pretty much common knowledge that Access/Jet security is really no security at all, and
that SQL Server, Oracle, etc are far more secure. My comment was intended to alert the poster that Access/Jet is not a
secure data store. I'll grant you that any database system can be broken, but the effort required to break User Level
SEcurity on an Access database is generally about 3 minutes, a credit card, and a search engine. Not so with server type
database.

Of course, as you mention, SQL Server and others require some sort of frontend, and as you mention, the "security" is
only as good as the frontend. If the dev allows direct access to the tables through the frontend, then you must assume
that the dev intends for them to work with that data, and that the program/frontend would limit or determine what the
user could do with the data ... at this point, the onus would be on the dev to insure that the data is "protected",
whether it be from innocent or malicious intent.


And depending on circumstances, such as physical security, ALL such products
can be broken. All of them! Except where the PROGRAM is ALSO stored on a
"server", for example, internet or intranet-based systems such as Oracle has
been promulgating for a long time.

It consists of a front end with all
the forms, queries, and reports and a linked backend that contains the
tables. I have turned off the special access keys to disable the F11 key to
open the database window but there is still the matter of the user going to
Window->Unhide and viewing the database window that way. I thought about
customizing the menu bar and removing that option but I still need to be
able
to access it.


Whilst I don't go to this extent myself, I thought AllowBypassKey disables all
such activities, and if customised menus and toolbars are also used, then you
don't need Window in the menu anyway!

AllowBypassKey is Dangerous! For development you need a way to Re-Enable it!
Perhaps an invisible miniscule command button somewhere, anyhow the exact
details don't matter because they would be known only to you.

/Runtime disables these things. But of course, that's not secure because
anyone can remove it from the command line. Unless of course the user only had
Access Runtime.

One must ask oneself, WHY don't you want them to see the tables? You have
already given them access to the data contained. I myself like to limit them
to just the forms I have written, but it is NOT a security issue, it's a
"dummies doing silly things in the program" type of issue.

Chris


Scott McDaniel
scott@xxxxxxxxxxxxxxxxxxxxxxxxx
www.infotrakker.com
.

Loading