Hi Larry
My objective is to prevent an average user from being able to gain
access to my tables. I use SageKey installer scripts to install all
the Access runtime files, but was suprised to find that a user with MS
Office could use Access to extract the data tables from my
application. I have discovered that whether I encrypt the database or
hide my tables any user with Access has Admin rights and can gain
access.
The things which I need to know in principle before studying the
subject in detail is:
1. Can a MDW file be applied to a specific MDB file without applying
to all the other MDB files on the target PC, [from other discussions
on this group it is far from being clear]?
2. Can I password only the Admin leaving the Users with Full data
rights without having to login?
3.If I do manage to do 1) and 2) above can a user delete the MDW file
to gain access to my database or will the database cease to function?
Regards
--
Carriolan
caOn Sat, 10 Dec 2005 17:53:56 GMT, "Larry Linson"
<bouncer@localhost.not> wrote:
[color=blue]
>How much is the data in your tables worth? Workable "cracks" for Access can
>be purchased for around US$150 -- if the price has not gone up or down in
>the past year or so.
>
>It is possible to associate a workgroup file, but it is also possible that
>the user might "join" that file, so that it is used no matter what Access
>database they try to open.
>
>The way you require a password is to put a password on the Admin account.
>Once that is done, every user requires a password. If I recall correctly,
>you can distribute a copy of your application with the user rights assigned
>to the Users group, and all users removed from Admins... so the security
>applies, but they do not have to log in. (But, I'd recommend checking the
>Security FAQ carefully and Googling this newsgroup archives on the subject.)
>
>And, as far as stealing the application itself, few Access database
>applications are so mysterious that an experienced Access developer can't
>observe the application in operation and re-create it in substantially less
>time than the original development required. After all, the "heavy lifting"
>of how to apply Access to the business issue has already been done, and
>can't be hidden.
>
> Larry Linson
> Microsoft Access MVP
>
>
><carriolan@> wrote in message
>news:6qtjp1h59eq9ceqaemab1ijdjjlscu6kvn@4ax.com.. .[color=green]
>> Hi Keith
>> I am a newbie at this; especially with regards to Access security.
>> Could you clarify some points for me please.
>> 1. Is it possible to associate a MDW file with a specific Access app
>> without affecting other MS Acees applications on the same pc?
>> 2. Is it possible to setup an MDW file giving users full data
>> permissions with no password (Administrator roghts being passworded)?
>> I do not want users having to log in
>>
>> What I am really trying to do is stop the 'man in the street, from
>> unhiding my tables and taking the data. I realise that it will never
>> be bullet proof.
>>
>> Regards
>> Carriolan
>>
>>
>>
>>
>> On Wed, 7 Dec 2005 08:46:03 -0000, "Keith W" <here@there.com> wrote:
>>[color=darkred]
>>><carriolan@> wrote in message
>>>news:evhbp1lfphttvjbj7naggbgpkc6f3jmbnf@4ax.com ...
>>>> Hi Keith
>>>> I am going through the MS FAQ as you suggested. Agreed it is not for
>>>> the faint hearted! I have one more quested. As my program is for
>>>> distratibution to the general public as shareware, is using this type
>>>> of security valid?
>>>> Regards
>>>> Carriolan
>>>>
>>>What do you mean by "valid"? As I stated previously, it won't stop a
>>>determined hacker with the right tools from breaking in, so you'd have to
>>>do
>>>a risk assessment to determine the likelihood of it happening and whether
>>>or
>>>not you care if it does. One further layer of protection is to convert
>>>your
>>>front end into an mde file, which is a fully compiled version of your mdb,
>>>hence no code is visible. A hacker would then have to reverse engineer
>>>your
>>>functionality into code in order to "steal" it.
>>>
>>>HTH - Keith.
>>>
www.keithwilby.com
>>>[/color][/color]
>[/color]
