Re: Protecting an Access Database

From: Scott McDaniel <scott@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 11 Aug 2007 07:40:27 -0400

On Fri, 10 Aug 2007 19:56:29 GMT, "Nando" <nospam@xxxxxxx> wrote:

"Scott McDaniel" wrote:

Deploying your database in the .mde format will stop users from being able
to view or change Forms, Reports, or Modules.

To protect Tables and Queries, you'll need to implement User Level
SEcurity. See Joan Wild's site for detailed
step-by-step instructions for doing this;

www.jmwild.com

You will also want to move all data access to RWOP (Run With Owner
Permission) queries so that you can remove
permissions directly from the table for users. Again, see Joan's site for
info on this.

Also be aware that ULS is easily breakable for those who wish to purhcase
a password unlocker.

Any ideas on what to do to better protect the database after using ULS? I
don't know what those unlockers do. Do those programs crack the Admin
password? Curious, because I want to make my database more secure. Sometimes
db users (employees) have too much time on their hands.

The password crackers give you a list of all users in the database, along with their passwords. Once you have this
information, it's easy to log in as an Admin user and do what you want.

ULS is about as secure as you can get with Access/Jet. If you need better data security, you'll need to move to a
different database engine like SQL Server, MySQL, etc. Note that SQL Server Express is free and is generally more secure
than Jet - although that's not always the case.

Scott McDaniel
scott@xxxxxxxxxxxxxxxxxxxxxxxxx
www.infotrakker.com
.

Follow-Ups:
- Re: Protecting an Access Database
  - From: Nando

References:
- Re: Protecting an Access Database
  - From: Scott McDaniel
- Re: Protecting an Access Database
  - From: Nando

Prev by Date: Re: Security setup, completely lost
Next by Date: Re: Protecting an Access Database
Previous by thread: Re: Protecting an Access Database
Next by thread: Re: Protecting an Access Database
Index(es):
- Date
- Thread

Relevant Pages

[NEWS] Lotus Domino View ACL Bypass
... Lotus Domino View ACL Bypass ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A Lotus Notes database contains documents that are organized into views. ... nor are they intended to protect the documents they ...
(Securiteam)
Re: User has group permissions to object, but still denied access.
... permissions to those query objects. ... The owners for the other 68 queries can be changed. ... may have been some of the original queries created in the database. ... Regarding the security, the database was converted from an Access 97 ...
(microsoft.public.access.security)
Re: setting a password on a button on the switchboard
... Could you send me the sample database for the fourth option (4. ... > Security in an Access database can probably be broken down into two big ... > points about being easier than User Level Security, ... > What type of data are you trying to protect? ...
(microsoft.public.access.forms)
Re: Setting up user group that can create and save select queries
... You are having this problem because of a bug with the security wizard. ... Put your users in one of the wizard-created groups, as well as the group you created for them, and they'll be able to save their queries. ... Give the users modify permissions on the query to change the SQL property in code. ... The application database used to enter and update the data; ...
(microsoft.public.access.security)
Re: How secure is a secured database?
... I've found regarding user-level security so I hope I have security set ... I'm the owner of the database and all it's objects. ... have no access to tables or queries and can only run queries with owner's ... server-based DBMS such as SQL Server or Oracle. ...
(microsoft.public.access.tablesdbdesign)