Re: Design protection

From: '69 Camaro (ForwardZERO_SPAM.To.69Camaro_at_Spameater.orgZERO_SPAM)
Date: 12/23/04

Next message: Mike: "Re: Question about 4-Field Pk Subform..... Is there a better way?"
Previous message: Wilderness: "Locking Information"
Maybe in reply to: '69 Camaro: "Re: Design protection"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 23 Dec 2004 09:06:38 -0800

Hello, Newman.

> First off, someone would have to know what that login
> name is

If you aren't using the login ID that authenticated with the computer's OS
on bootup, then you are either using Access's built-in user-level security
or your own home-grown security methods. A hacker wouldn't even have to
guess your login and password, because tools to break into the built-in
user-level security are available for a reasonable price to anyone who wants
to break into your system.

Home-grown security is likely to be even less secure than the built-in
user-level security, because Access database developers are burdened with
the same limitations that Microsoft's professional designers and programmers
were burdened with, but are far less likely to have the resources that
Microsoft had to put into the design of such a security system. Besides,
your database's startup functions can be easily bypassed if user-level
security isn't used to secure the database, so the lack of a User ID and
password to get past the login screen isn't a show-stopper.

> Secondly, the scheme isnt
> based on the system clock, its based on intervals between
> my logins,

The information that your application is using to compare the time intervals
is stored somewhere, such as in a file or the Windows Registry -- which a
hacker can find, even if it's encrypted. And the time intervals are based
upon a "start time" and "comparison time" of some clock in order to measure
whether 72 hours has passed, even if it isn't the current computer's system
clock -- which a hacker can find and probably alter, too.

> My
> question was... is there anyway, someone can modify the
> code without actually obtaining accesss to the structure
> in its original hosting format (access).?

I'm not sure that I understand this question, because your application is
still in its original hosting format, Access, even if it's an MDE file.
MDE's can be altered after being created from the MDB file, but there are
quite a few limitations, including the lack of source code for a person to
read directly. That doesn't mean that some things can't be read indirectly
by an expert or a hacker, though. What specifically are you hoping can't be
modified?

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

"Newman" <anonymous@discussions.microsoft.com> wrote in message
news:03ec01c4e909$54d79ad0$a301280a@phx.gbl...
> Partially correct...
> First off, someone would have to know what that login
> name is, and the login name i use for making mods to the
> structure is hidden, protected and different from the one
> i use for normal access. Secondly, the scheme isnt
> based on the system clock, its based on intervals between
> my logins, therfore unless someone first figures out my
> login name, then figures out what my password could be, i
> doubt that they'd do both, accesss will be denied. My
> question was... is there anyway, someone can modify the
> code without actually obtaining accesss to the structure
> in its original hosting format (access).?
>
> Thanks again.
>
>
> >-----Original Message-----
> >Hello, Newman.
> >
> >Please don't multipost. Readers have to check other
> readers' responses in
> >every other newsgroup where you post the same question
> in order to make sure
> >that they don't duplicate others' efforts.
> >
> >> Let me know if my protection can be over
> >> ridden or undone.
> >
> >Your efforts of protection can be overridden and
> undone. Anyone willing to
> >set the computer's system date back or create a login
> account name identical
> >to yours after you pass away or lose your job will be
> able to open your
> >database. The business operations that depend upon your
> database system
> >will still be able to function in your absence.
> >
> >HTH.
> >
> >Gunny
> >
> >See http://www.QBuilt.com for all your database needs.
> >See http://www.Access.QBuilt.com for Microsoft Access
> tips.
> >
> >(Please remove ZERO_SPAM from my reply E-mail address,
> so that a message
> >will be forwarded to me.)
> >
> >
> >"Newman" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:17e401c4e900$68205e00$a501280a@phx.gbl...
> >> I currently have designed an extensive Program using
> >> access as a platform to host it. The front end
> requires
> >> user login and password to access, and the back end
> >> consist of dozens of MDE databases. The front end is
> >> also being utilized as an MDE. The MDB of all are
> stored
> >> on a remote server which only I the administrator can
> >> access, and is backed up on CD as well. The database
> has
> >> a self-protection i built into it, which detects my
> log-
> >> in. If my login is not sensed within the last 72
> hours,
> >> the program ceases to run, and denys all logins, and
> >> shuts itself down. Only my login can initiate the
> system
> >> override and re-activation for the next 72 hour cycle.
> >> So in other words if i drop dead or get laid off, the
> >> program is rendered useless. My main concern is
> someone
> >> being able to reconstruct the program or rewrite some
> of
> >> the macros from an MDE....is it possible if only the
> MDE
> >> is available? By the way, all the admin forms,
> macros,
> >> etc. are set up to allow run or read only to all users
> >> but myself. My login only allows design changes even
> in
> >> the MDB. Let me know if my protection can be over
> >> ridden or undone. Thanks
> >>
> >
> >
> >.
> >

Next message: Mike: "Re: Question about 4-Field Pk Subform..... Is there a better way?"
Previous message: Wilderness: "Locking Information"
Maybe in reply to: '69 Camaro: "Re: Design protection"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Enter user name, enter password, then press enter...
... What do you do when the customer asks that the database login in be the same ... username and password to use all of the stuff that she is permitted to use. ... I have implemented this type of security for Access, VB, and Web Based ASP ...
(microsoft.public.access.forms)
Re: Login forms
... >>> I'm trying to develop a login form for an access database. ... >>> to use the Access User Level Security at the moment. ...
(microsoft.public.access.forms)
Re: Design protection
... If you aren't using the login ID that authenticated with the computer's OS ... or your own home-grown security methods. ... user-level security are available for a reasonable price to anyone who wants ... because Access database developers are burdened with ...
(microsoft.public.access.security)
Re: Design protection
... If you aren't using the login ID that authenticated with the computer's OS ... or your own home-grown security methods. ... user-level security are available for a reasonable price to anyone who wants ... because Access database developers are burdened with ...
(microsoft.public.access.modulesdaovba)
RE: How to allow users to change their password?
... be set up to provide the Security dialog window for password changes. ... I'll have to login using their login ... > name/password first. ... See http://www.QBuilt.com for all your database needs. ...
(microsoft.public.access.security)