Re: Word 2007 Missing User Level Securitty - ARRRGGGGHHHH What were they thinking?

Please, ... are you just trolling?

People who actually need object-level security should
use the method I proposed.

...do you really not understand what I wrote (in the context
which it was written) ..

It is common to see here a fairly basic misunderstanding
of the way the Jet engine works "you have to download the file",
based on a fairly basic misunderstanding of the way Windows
handles database records "It's file based".

Many people don't even realise that Windows has an integral
database system, which is record based, and has been since
DOS 3, and it is used by Jet.

I am perfectly aware that files can be secured by prohibiting
access to them and that is exactly the security model that server
databases use. Users have access to data served to them from
the engine, but have no access to the physical files where the data
is actually stored.

By contrast, you seem to think that the File Server serves files to Jet?

This leads to mistakes/ non-sequitur's like

a file based database system cannot be made secure

Which is just as false for SQL Server as it is for Jet and just
as irrelevant for Jet as it is for SQL Server.


.. the prevailing theory is that since a file .. system
cannot be made secure ..

I'm not barfing at the idea that Jet is insecure: only at the
idea that file systems can't be made secure, and at the
matching idea that it has any theoretical relevance to a
record-based network database system.

Since you make a point of "physical access to the file" let me
add that "physical access to the file" is no more a theoretical
limitation of the Windows database system than it is of SQL
Server/MSDE. In neither case is "physical access to the file"
a requirement for the database system to work.

Since I'm sure you'll admit that point, let me rephrase it:
In no way is "logical file permission" ever a theoretical limit
to security in the Jet/Windows database system.


"...the prevailing theory is that since a file based database
" system cannot be made secure from people who have
" physical access to the file..."

That "prevailing theory" is both irrelevant and irrelevant. Group
Policy objects are secure enough to be useful, secured at
both object and user level. And there is no theoretical reason
why Jet/Access users need file permissions any more than
SQL Server users need file permissions.

" ... cannot be made secure ... "

Object-level and user-level security in the native Windows
database primitives is entirely an argument about implementation,
marketing, development resources, support, maintenance,
and incremental functionality,
not at all an argument about what is possible.

Regards,
(david)




"Rick Brandt" <rickbrandt2@xxxxxxxxxxx> wrote in message
news:zK_Qj.11464$V14.8419@xxxxxxxxxxxxxxxxxxxxxxx
david@epsomdotcomdotau wrote:
the prevailing theory is that since a file based system
can never be made secure that there was no point

Barf... File servers aren't secure? Word and Excel files on
a file server aren't secure? [snip rest]

Please, do you really not understand what I wrote (in the context which it
was written) are you just trolling?

To make the snippage of that one phrase a bit more to your liking...

...the prevailing theory is that since a file based database system cannot
be made secure from people who have physical access to the file, that
there
was no point...

I am perfectly aware that files can be secured by prohibiting access to
them
and that is exactly the security model that server databases use. Users
have access to data served to them from the engine, but have no access to
the physical files where the data is actually stored.

Notice I also removed the "never" but most people realize a bit of
rhetorical license when they see it used in the manner I did.

The fact of the matter is that for the last few years the word "security"
in
"Access User Level Security" (the topic being discussed) has been a
complete
falsehood and I suspect that MS was getting increasingly uncomfortable
with
the term.

Some feel they could have just changed the name to reflect more of a "user
identification/customization system", but for whatever reasons, they chose
to just drop the model and suggest that developers who need "security"
move
to one of the SQL Server alternatives. I think that is a perfectly
reasonable decision.

--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com




.

Relevant Pages

  • Re: write with cURL
    ... It takes time to set up an account for you, process the billing, etc. ... Sorry, my servers are secure. ... Nothing you have told me shows me you know how to lock down a server so that it is secure - other than to use the server's file security. ...
    (alt.php)
  • "An Asp.Net accident waiting to happen" - Draft article
    ... In a time where Security ... in shared hosting environments. ... technologies that allow the creation and deployment of secure ... IIS 6 web server and windows 2003 also provide some tools to deploy ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: SBS 2003 and TS-App Mode
    ... It's not secure... ... functionality over security and now you want functionality back. ... open and easy to use...they want TS on a domain controller back. ... Do not enable application server mode on a domain controllers. ...
    (microsoft.public.windows.server.sbs)
  • Questions on secure remote access to Fedora Core 2
    ... I am somewhat new to Internet security solutions in general and Linux ... I am setting up a server with Fedora Core 2 (there are specific reasons ... What is the most secure method I can use to give these individuals access ... under ssh. ...
    (comp.os.linux.security)
  • Re: Ten least secure programs
    ... it's probably better you leave the topic alone ... I said I do not have security issues with the programs I code. ... I didn't realize you were a Linux user, ... > the most widely used and secure UNIX flavors? ...
    (Security-Basics)