Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > access > answers

How secure is my application???

Jason Smith
Guest
  
Posts: n/a
#1: Nov 13 '05
I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.

Tom van Stiphout
Guest
  
Posts: n/a
#2: Nov 13 '05

re: How secure is my application???

On 19 Aug 2004 06:41:10 -0700, noladeveloper@cox.net (Jason Smith)
wrote:

The ONLY secure way to prevent people from seeing your source code is
to distribute an MDE. It does not have any source code.

-Tom.

[color=blue]
>I have recently designed an application in Ms Access with the
>folllowing security:
>
>1) Database is split into a front-end / backend with linked tables
>2) All modules are password protected
>3) Bypass shift code used to disable bypassing startup routines
>4) Users enter database through login screen which checks login from
>an Access table. This table is imported; not linked in the front-end.
>5) The menubar on the startup form has been set to "=1" meaning no
>menu will appear on this form.
>
>How secure is this application? Is there still a way for users to get
>into the design mode of the front-end or modify any code in the
>database? Can more be done to increase security? Is this better than
>the security built in Access using the workgroup file?
>
>Any input would be greatly appreciated.[/color]
Mike MacSween
Guest
  
Posts: n/a
#3: Nov 13 '05

re: How secure is my application???

Depends what you're trying to secure, the data or your code.

A while ago I quoted for a job making Excel spreadsheets secure. Didn't get
the job, but in the course of investigating it I bought one of the many MS
Office password cracking programs.

It worked on everything except the file password for Word (2000 and later
IIRC) and Excel (ditto). A very strong, e.g. !£"$%£%$^%&^*&*()_ type
password seemed uncrackable for these 2. Everything else, not matter how
strong, was cracked very quickly.

So your password on modules isn't worth anything if you think somebody who
knows how to type 'Access' and 'Password' into a search engine and who is
prepared to cough up a few dollars will be interested in your app.

Like Tom says, make the mdb with the code in into an MDE. Better still,
encrypt the MDB, _then_ make it into an MDE.

If it's the actual data you want to protect, then just use NT permissions on
the backend file. Use Access security to deny direct access to the BE tables
and RWOP queries to get at the data in the FE. Rename the BE files to
something daft, get rid of the .mdb extension, so that it's not obvious, put
them in a non obvious folder. And so on and so forth.

If you search in the archives you will find a pretty long thread with me,
David W Fenton and Michael Kaplan and others discussing at length whether
any of the steps I suggest amount to 'meaningful' security. You must make up
your own mind. The thread is 'Security - more complex than I thought'.

You don't actually say what you want to prevent. So it may be that nobody is
very interested in nicking your stuff, so a low level of 'security' may be
enough. The locks on my front door probably aren't as good as the ones on
the jewellers at the top of the street.

Yours, Mike MacSween


"Jason Smith" <noladeveloper@cox.net> wrote in message
news:d2d67f8f.0408190541.1f4086a2@posting.google.c om...[color=blue]
> I have recently designed an application in Ms Access with the
> folllowing security:
>
> 1) Database is split into a front-end / backend with linked tables
> 2) All modules are password protected
> 3) Bypass shift code used to disable bypassing startup routines
> 4) Users enter database through login screen which checks login from
> an Access table. This table is imported; not linked in the front-end.
> 5) The menubar on the startup form has been set to "=1" meaning no
> menu will appear on this form.
>
> How secure is this application? Is there still a way for users to get
> into the design mode of the front-end or modify any code in the
> database? Can more be done to increase security? Is this better than
> the security built in Access using the workgroup file?
>
> Any input would be greatly appreciated.[/color]
Closed Thread

« previous question | next question »

Similar Microsoft Access / VBA bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,471 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved