473,836 Members | 1,498 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Security - more complex than I thought

S**t for brains strikes again!

Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data and some who couldn't but that it wasn't important right now.
And I said, 'sure, we can do that later'.

So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!

I've experimented a lot recently with NT permissions. And thought I had it
all sussed. Which I think I almost have, NT wise, except that if I actually
want (basically) 2 NT groups, readonly and readwrite, I find now that there
are tons of stuff in even the readonly group where they will still need
write permissions on the back end. The error log table being one (so that'll
have to go out to a separate file). Update queries that run on the Open or
Current event of forms. And so on. Add new forms which open completely blank
(because the user hasn't got permission to append?) so hiding any of my
navigation buttons. etc. etc.

As a quick and dirty approach...

I though I'd set up users and groups, but mainly to give me something to
grab hold of. Then in the OnOpen of most forms check which group the user is
a member and make the form allowedits false and so on. That approach would
actually give me a finer level of granularity, as I could also disable
certain controls on the forms/switchboard etc. All this as an alternative to
using all the user/group permissions.

What approaches does anybody else use?

Apart from planning security from the beginning, properly, of course.

TIA, Mike MacSween (feeling like a chump)
Nov 12 '05 #1
116 7603
You have unforturnately made a promise that you cannot effectively keep --
AT ALL. The best thing you can do is point to the industry-known limitations
of Jet/Access (acknowledged by many large organizations like HIPPA, the
banking industry, and others) and blame them for the fact that this will not
work.
--
MichKa [MS]
NLS Collation/Locale/Keyboard Development
Globalization Infrastructure and Font Technologies

This posting is provided "AS IS" with
no warranties, and confers no rights.
"Mike MacSween" <mi************ ******@btintern et.com> wrote in message
news:3f******** *************** @news.aaisp.net .uk...
S**t for brains strikes again!

Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'.

So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!

I've experimented a lot recently with NT permissions. And thought I had it
all sussed. Which I think I almost have, NT wise, except that if I actually want (basically) 2 NT groups, readonly and readwrite, I find now that there are tons of stuff in even the readonly group where they will still need
write permissions on the back end. The error log table being one (so that'll have to go out to a separate file). Update queries that run on the Open or
Current event of forms. And so on. Add new forms which open completely blank (because the user hasn't got permission to append?) so hiding any of my
navigation buttons. etc. etc.

As a quick and dirty approach...

I though I'd set up users and groups, but mainly to give me something to
grab hold of. Then in the OnOpen of most forms check which group the user is a member and make the form allowedits false and so on. That approach would
actually give me a finer level of granularity, as I could also disable
certain controls on the forms/switchboard etc. All this as an alternative to using all the user/group permissions.

What approaches does anybody else use?

Apart from planning security from the beginning, properly, of course.

TIA, Mike MacSween (feeling like a chump)

Nov 12 '05 #2
Hi,

If the "real" security isn't a concern (I mean some real crackers who might
want to break your BE database), and you just want to provide some security
for regular users, you can try the following:

1. Make you BE password-protected
2. Link it to front-end app
3. In front-end app, you can get rid of Access build-in security and
implement your own security model : groups, users and restrictions
4. Make your application MDE and also set appropriatre properties to skip
Shift at startup.

This will prevent regular users to break into your data.

But, as I told, this is not for guys who "really" want to get into your
data.

I didn't looked for, but I heard there are tools on internet who can break
Access database password, and also decompilers for MDE, so...

Few thoughts about implementation:

Users belongs to groups

Restrictions can be defined by this:
Restriction name (like "Disable view of Customerts form", or "Disable
Printing of X report", or "Hiding Z information" or whatsever)
For each restricton you can create some logic (it should be data-driven, to
be easily extended by adding new restrictions, as they are required) which
will disable / hide the required controls / forms / menu entries / reports /
whatsever.

Then, in OpenEvent of every for and report, you should call a function which
will check appropriate permissions for logged user, and act as appropriate
(either prevent form for loading or hiding / disabling controls on it).

As an example, suppose you have a form called Employees, with a tab control
with two pages (one for personal data and one for employment data), anf you
want a group to not be able to view PersonalData tab

I have developed such module once, so if you are interested in this, please
contact me.

Regards,
Bogdan

----- Original Message -----
From: "Mike MacSween" <mi************ ******@btintern et.com>
Newsgroups: comp.databases. ms-access
Sent: Monday, November 10, 2003 10:16 AM
Subject: Security - more complex than I thought

S**t for brains strikes again!

Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'.

So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!

I've experimented a lot recently with NT permissions. And thought I had it
all sussed. Which I think I almost have, NT wise, except that if I actually want (basically) 2 NT groups, readonly and readwrite, I find now that there are tons of stuff in even the readonly group where they will still need
write permissions on the back end. The error log table being one (so that'll have to go out to a separate file). Update queries that run on the Open or
Current event of forms. And so on. Add new forms which open completely blank (because the user hasn't got permission to append?) so hiding any of my
navigation buttons. etc. etc.

As a quick and dirty approach...

I though I'd set up users and groups, but mainly to give me something to
grab hold of. Then in the OnOpen of most forms check which group the user is a member and make the form allowedits false and so on. That approach would
actually give me a finer level of granularity, as I could also disable
certain controls on the forms/switchboard etc. All this as an alternative to using all the user/group permissions.

What approaches does anybody else use?

Apart from planning security from the beginning, properly, of course.

TIA, Mike MacSween (feeling like a chump)


"Mike MacSween" <mi************ ******@btintern et.com> wrote in message
news:3f******** *************** @news.aaisp.net .uk... S**t for brains strikes again!

Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'.

So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!

I've experimented a lot recently with NT permissions. And thought I had it
all sussed. Which I think I almost have, NT wise, except that if I actually want (basically) 2 NT groups, readonly and readwrite, I find now that there are tons of stuff in even the readonly group where they will still need
write permissions on the back end. The error log table being one (so that'll have to go out to a separate file). Update queries that run on the Open or
Current event of forms. And so on. Add new forms which open completely blank (because the user hasn't got permission to append?) so hiding any of my
navigation buttons. etc. etc.

As a quick and dirty approach...

I though I'd set up users and groups, but mainly to give me something to
grab hold of. Then in the OnOpen of most forms check which group the user is a member and make the form allowedits false and so on. That approach would
actually give me a finer level of granularity, as I could also disable
certain controls on the forms/switchboard etc. All this as an alternative to using all the user/group permissions.

What approaches does anybody else use?

Apart from planning security from the beginning, properly, of course.

TIA, Mike MacSween (feeling like a chump)

Nov 12 '05 #3
"Michael (michka) Kaplan [MS]" <mi*****@online .microsoft.com> wrote in
message news:3f******** @news.microsoft .com...
You have unforturnately made a promise that you cannot effectively keep --
AT ALL. The best thing you can do is point to the industry-known limitations of Jet/Access (acknowledged by many large organizations like HIPPA, the
banking industry, and others) and blame them for the fact that this will not work.


Sure, Access isn't 100% secure. That doesn't worry me. Where I f****d up was
not planning security from the start. I think that Access security can
probably be made a lot harder than people imagine. As I've posted a couple
of times but only one person has responded. By combining it with NT
permissions.

What approach do you use to Access security? The built in model or do you
'roll your own'

Cheers, Mike MacSween
Nov 12 '05 #4
TC

"Mike MacSween" <mi************ ******@btintern et.com> wrote in message
news:3f******** *************** @news.aaisp.net .uk...
"Michael (michka) Kaplan [MS]" <mi*****@online .microsoft.com> wrote in
message news:3f******** @news.microsoft .com...
You have unforturnately made a promise that you cannot effectively keep -- AT ALL. The best thing you can do is point to the industry-known limitations
of Jet/Access (acknowledged by many large organizations like HIPPA, the
banking industry, and others) and blame them for the fact that this will

not
work.


Sure, Access isn't 100% secure. That doesn't worry me. Where I f****d up

was not planning security from the start. I think that Access security can
probably be made a lot harder than people imagine. As I've posted a couple
of times but only one person has responded. By combining it with NT
permissions.

What approach do you use to Access security? The built in model or do you
'roll your own'

I don't understand your problem. If you want "some people who could read the
data and some people who couldn't", you can achieve this easily using Access
user-level security.

Of course, that is not un-hacakable, but neither is >>anything else<< that
is running on a PC that is open to codefile-level hacking.

Access security does not integrate directly with NT security, but you can
get the username carried across, so all the user has to do is to re-enter
his Access user-level password; which could be made the same as his NT
password.

So really, what is the poblem?

TC

Nov 12 '05 #5
Put your restricted tables in a separate BE, then you can use NT security to
restrict access to that MDB. Your application would now have to link to more
then one BE and you will need to handle relationships between the BEs with
code. I have a BE file that contains employee information, It is store in a
directory that is not even visible to users that don't need this
information. Access has no problem with this, as long as your application
does not open the tables.

As for Form and Report access, I use a menu table that list the menu
description, Form/Report name and access levels allowed to use the menu
item. The application gets the user ID from the network login to determine
access level. The menu is access with list or combo box controls, filtered
to the menu items allowed by the access level. Now this is very hackable but
works very well in a controlled environment. You should be able to add such
a menu to your application with minimum modification to your code.
"Mike MacSween" <mi************ ******@btintern et.com> wrote in message
news:3f******** *************** @news.aaisp.net .uk...
S**t for brains strikes again!

Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'.

So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!

I've experimented a lot recently with NT permissions. And thought I had it
all sussed. Which I think I almost have, NT wise, except that if I actually want (basically) 2 NT groups, readonly and readwrite, I find now that there are tons of stuff in even the readonly group where they will still need
write permissions on the back end. The error log table being one (so that'll have to go out to a separate file). Update queries that run on the Open or
Current event of forms. And so on. Add new forms which open completely blank (because the user hasn't got permission to append?) so hiding any of my
navigation buttons. etc. etc.

As a quick and dirty approach...

I though I'd set up users and groups, but mainly to give me something to
grab hold of. Then in the OnOpen of most forms check which group the user is a member and make the form allowedits false and so on. That approach would
actually give me a finer level of granularity, as I could also disable
certain controls on the forms/switchboard etc. All this as an alternative to using all the user/group permissions.

What approaches does anybody else use?

Apart from planning security from the beginning, properly, of course.

TIA, Mike MacSween (feeling like a chump)

Nov 12 '05 #6
On Mon, 10 Nov 2003 21:46:13 -0000, "Mike MacSween"
<mi************ ******@btintern et.com> wrote in
comp.databases. ms-access:
Sure, Access isn't 100% secure. That doesn't worry me. Where I f****d up was
not planning security from the start. I think that Access security can
probably be made a lot harder than people imagine. As I've posted a couple
of times but only one person has responded. By combining it with NT
permissions.
As you've no doubt found out, NT permissions are not enough to fill
the gaps in Access security. Access is not a service-based system, so
you will always need to expose the file space on the server used by
the db to each and every user who need the file. This statement can
be tempered somewhat by various methods (adp's, nt security only, etc)
but is basically true. While you can tighten NT security to a point,
you really can't get past the fact that as a file-server based rdbms,
Access w/jet will always be susceptible to easy hacking.

The reason for a lack of responses is not because nobody is interested
in better security for Access, but rather because many of us have
looked into this problem in some depth, and concluded, unfortunately,
that there is no good solution. This is not just to say that 100%
effectiveness is unachievable, but rather, that it is impossible to
secure *any* Access database beyond the point where it can be
desecured within seconds and a handful of lines of code, or within
minutes if done manually. You simply need a server-based rdbms if you
wish to deliver any remote level of meaningful security to your
client's databases.
What approach do you use to Access security? The built in model or do you
'roll your own'


Both are fatally flawed and trivial to de-secure.

Peter Miller
_______________ _______________ _______________ _______________
PK Solutions -- Data Recovery for Microsoft Access/Jet/SQL
Free quotes, Guaranteed lowest prices and best results
www.pksolutions.com 1.866.FILE.FIX 1.760.476.9051
Nov 12 '05 #7
"Peter Miller" <pm*****@pksolu tions.com> wrote in message
news:ee******** *************** *********@4ax.c om...
On Mon, 10 Nov 2003 21:46:13 -0000, "Mike MacSween"
<mi************ ******@btintern et.com> wrote in
comp.databases. ms-access:
Thanks for you reply Peter
As you've no doubt found out, NT permissions are not enough to fill
the gaps in Access security.
Actually I haven't found that yet, but no doubt I will. I'm trying various
ways of using NT permissions to stop people getting at the back end tables.
Mostly successfully. But I'll keep trying to circumvent my own security!
The reason for a lack of responses is not because nobody is interested
in better security for Access, but rather because many of us have
looked into this problem in some depth, and concluded, unfortunately,
that there is no good solution. This is not just to say that 100%
effectiveness is unachievable, but rather, that it is impossible to
secure *any* Access database beyond the point where it can be
desecured within seconds and a handful of lines of code, or within
minutes if done manually.
Within seconds by you perhaps! My initial spur to look into this in greater
detail is to stop casual 'mucking about' with the database. If I can make
that damn difficult to do I'll have achieved my aim, in this case. In this
organisation it's almost certain that none of the users would have the skill
to get round a combination of Access and/or NT restrictions, and of course
if they go to MIS and ask them to lift those restrictions then that's fine.
The same would apply, presumably, to a server db.
You simply need a server-based rdbms if you
wish to deliver any remote level of meaningful security to your
client's databases.
There's not remote access to this db, it's on a LAN. Not quite sure what you
meant there.
Both are fatally flawed and trivial to de-secure.


As I said, trivial to you perhaps. But it's not really people with your
skill level that worry me. It's the maniacs who casually copy mdb files and
think they've got the data, which they may or may not have and then use that
'version' and it all get's out of sync etc. etc.

Thanks for you input.

Yours, Mike MacSween
Nov 12 '05 #8
"Mike MacSween" wrote
Within seconds by you perhaps! My initial
spur to look into this in greater detail is to
stop casual 'mucking about' with the database.
If I can make that damn difficult to do I'll have
achieved my aim, in this case. In this organi-
sation it's almost certain that none of the users
would have the skill . . . As I said, trivial to you perhaps. But it's not
really people with your skill level that worry
me. It's the maniacs who casually copy mdb
files and think they've got the data, which they
may or may not have and then use that
'version' and it all get's out of sync etc. etc.


If they have permission to use the database, I don't know how you can
prevent this scenario. They must have full permissions on the folders to be
able to _use_ it, it is trivial in Windows to copy a file, and they'll
already have permissions in Access security to use it. They don't have to
break security to do any of this, Mike.

And, there aren't many people anywhere in the world with the kind of skill
that Peter has in regard to Access / Jet internals. He does not break
security for clients (a position which makes perfect sense to me given the
litigious nature of our society), but anyone with US$150 can find on the
Internet and buy code that will break user/group security in a flash.

There's even a _free_ copy available of software to break user/group
security on an Access 97 database!
Nov 12 '05 #9

"Larry Linson" <bo*****@localh ost.not> wrote in message
news:6Z******** **********@nwrd dc02.gnilink.ne t...
"Mike MacSween" wrote
> Within seconds by you perhaps! My initial
> spur to look into this in greater detail is to
> stop casual 'mucking about' with the database.
> If I can make that damn difficult to do I'll have
> achieved my aim, in this case. In this organi-
> sation it's almost certain that none of the users
> would have the skill . . .
> As I said, trivial to you perhaps. But it's not
> really people with your skill level that worry
> me. It's the maniacs who casually copy mdb
> files and think they've got the data, which they
> may or may not have and then use that
> 'version' and it all get's out of sync etc. etc.


If they have permission to use the database, I don't know how you can
prevent this scenario. They must have full permissions on the folders to

be able to _use_ it, it is trivial in Windows to copy a file, and they'll
already have permissions in Access security to use it. They don't have to
break security to do any of this, Mike.

And, there aren't many people anywhere in the world with the kind of skill
that Peter has in regard to Access / Jet internals. He does not break
security for clients (a position which makes perfect sense to me given the
litigious nature of our society), but anyone with US$150 can find on the
Internet and buy code that will break user/group security in a flash.

There's even a _free_ copy available of software to break user/group
security on an Access 97 database!

AFAIK, those products do not "break security" in terms of producing a fully
desecured database. They just reverse-engineerin the passwords from a
workgroup file. That is not the same thing, eg. when there is no workgroup
file, or the workgroup file does not contain any Admins group users, or the
workgroup file is not the one that the database was created against.

So those products produce the same affect as finding a workmate's password
written on a PostIt note. That is bad - no doubt about it - but it does not
necessaruly give you unrestricted access to the database.

TC
TC

Nov 12 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
2360
by: craig | last post by:
I am working on my first .NET development project that involves custom role-based security per the project requirements. This lead to a general design issue this week that really caused us some concern. I have described the situation below because we are very curious to see what other, more experienced, developers might suggest. The specific classes and fields are used just to illustrate the concepts. Our application uses role-based...
32
2832
by: Mike MacSween | last post by:
Further to 'Security - more complex than I thought' Has anybody ever seen any studies? Or anecdotal evidence? Done any studies themselves? Done any lab testing - you know - 10 users asked to get past Access (or other) security? It'd be interesting to know. And no, I don't have any prejudices. Yours, Mike MacSween
0
9825
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
1
10595
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10254
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9379
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6979
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5650
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5828
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4458
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4021
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.