473,850 Members | 2,036 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How secure is my application???

I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.
Nov 13 '05 #1
2 1530
On 19 Aug 2004 06:41:10 -0700, no***********@c ox.net (Jason Smith)
wrote:

The ONLY secure way to prevent people from seeing your source code is
to distribute an MDE. It does not have any source code.

-Tom.

I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.


Nov 13 '05 #2
Depends what you're trying to secure, the data or your code.

A while ago I quoted for a job making Excel spreadsheets secure. Didn't get
the job, but in the course of investigating it I bought one of the many MS
Office password cracking programs.

It worked on everything except the file password for Word (2000 and later
IIRC) and Excel (ditto). A very strong, e.g. !£"$%£%$^%&^*&* ()_ type
password seemed uncrackable for these 2. Everything else, not matter how
strong, was cracked very quickly.

So your password on modules isn't worth anything if you think somebody who
knows how to type 'Access' and 'Password' into a search engine and who is
prepared to cough up a few dollars will be interested in your app.

Like Tom says, make the mdb with the code in into an MDE. Better still,
encrypt the MDB, _then_ make it into an MDE.

If it's the actual data you want to protect, then just use NT permissions on
the backend file. Use Access security to deny direct access to the BE tables
and RWOP queries to get at the data in the FE. Rename the BE files to
something daft, get rid of the .mdb extension, so that it's not obvious, put
them in a non obvious folder. And so on and so forth.

If you search in the archives you will find a pretty long thread with me,
David W Fenton and Michael Kaplan and others discussing at length whether
any of the steps I suggest amount to 'meaningful' security. You must make up
your own mind. The thread is 'Security - more complex than I thought'.

You don't actually say what you want to prevent. So it may be that nobody is
very interested in nicking your stuff, so a low level of 'security' may be
enough. The locks on my front door probably aren't as good as the ones on
the jewellers at the top of the street.

Yours, Mike MacSween
"Jason Smith" <no***********@ cox.net> wrote in message
news:d2******** *************** ***@posting.goo gle.com...
I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.

Nov 13 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
4850
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
7
3030
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of things. What I need to do is to switch to a secure connection and then later on while still in that secure connection delete the cookie that was created on the non- secure side. I need to do this because I can not reference the non-secure cookie...
1
1652
by: Iulian Ionescu | last post by:
I have a page (http://www.something.com/) and a secure page (https://secure.something.com) and the secure.something.com points to http://www.something.com/secure/ All works ok, but, when I transfer to one of the pages on the secure directory all gets lost. First of all, I had to basically duplicate my web application assembly in the secure folder. I created a "secureWrapper" solution and I added the main web application as a reference,...
5
7565
by: A.M | last post by:
Hi, My ASP.NET application uses SSL on IIS6. up on visiting some pages, IE 6 shows this security alert: This page contains both secure and non secure items. Do you want to display non-secure items? Regardless I answer no (or yes), everything works fine.
3
4175
by: Bill | last post by:
I'm running a C#.Net application that is using the HttpWebRequest to upload an xml file to a https site with FIPS complicancy turned on. On the "GetRequestStream()" method I get: "The underlying connection was closed: Could not establish secure channel for SSL/TLS." With FIPS turned on the secure website, only a FIPS compliant protocol can be used. Since SSL is not FIPS compliant then only TLS can be used. Unfortunately, this protocol...
5
2180
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for this? Most of the site allows the user to add things to a cart (non-secure), once they choose to check-out, I need this information which was stored in the session to be read by the payment page(secured). Hope this makes sense. It's probably...
7
4974
by: Robert Seacord | last post by:
The CERT/CC has just deployed a new web site dedicated to developing secure coding standards for the C programming language, C++, and eventually other programming language. We have already developed significant content for the C programming language that is available at: https://www.securecoding.cert.org/ by clicking on the "CERT C Programming Language Secure Coding Standard"
0
2350
by: amitvps | last post by:
Secure Socket Layer is very important and useful for any web application but it brings some problems too with itself. Handling navigation between secure and non-secure pages is one of the cumbersome jobs. When a non-secure page references a secure page with relative URL, the web server generates error until absolute URL with https prefix is used. On the other hand when a secure page references a non-secure page, the non-secure page will be...
6
1644
by: =?Utf-8?B?Q3JhaWc=?= | last post by:
If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....do webservices make the app more secure? I always thought of webservices as just a good way to allow users to have an API for them to interact with the database, but are webservices useful if the user never really knows that they are there?
1
3136
by: Annonymous Coward | last post by:
I am writing an application which I will deploy to my clients. It is important for security, support, IP reasons etc, that the users are not able to access my databse schema (i.e. view/modify/run procs etc). What do I have to do to ensure that users will not be able to access my database? Also, I am thinking of installing SSE as a seperate instance with a unique name - the idea being that it keeps my database away from any that may...
0
9744
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
1
10725
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10352
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9503
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7900
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7072
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5735
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5931
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
3178
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.