473,883 Members | 1,624 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Importing from secured frontend

All,
As you can see below, I have had problems with inquisitive souls looking
at data they shouldn't be. I though disabling the ability to create new
databases using my workgroup would stop this but it doesn't. All they have
to do now is create a new database using the default wrkgroup, close it and
then open it again whilst joined to my workgroup and they can import again.
Can someone please help me stop these people importing from the FE or BE?

Many thanks,

Mark

"MacDermott " <ma********@nos pam.com> wrote in message
news:6D******** *********@newsr ead3.news.atl.e arthlink.net...
Do you have a reference to DAO?
From a code window, click Tools - References.
In the box that comes up, check Microsoft DAO Library.
Be sure to exit by using the OK button.

HTH

"Mark" <ma*********@nt lworld.com> wrote in message
news:iz******** ****@newsfe2-gui.ntli.net...
Hi All,
After countless hours of searching, I think I have found a solution
to
my problem from the Microsoft site (
http://support.microsoft.com/?kbid=210329 ). What is suggested is that I
disable the ability to create a new database when using my workgroup. As

the
"inquisitiv e" person needs to create the database from within my
workgroup
to have permission to import, this seems like the perfect solution.
However, my programming skills are still in their infant stages and

the
function provided by Microsoft does not work!!!!! The code below throws
up
the following error message when I try to run it: Compile error:
User-defined type not defined.

Could anyone please help me rectify this problem??

Function Remove_DBCreate ()

Dim d As DAO.Database, c As Container, SystemDB As String
SystemDB = "C:\Program Files\Microsoft Office\" & _
"Office\System. mdw" ' Use path for your system.
Set d = DBEngine(0).Ope nDatabase(Syste mDB)
Set c = d.Containers!Da tabases
c.UserName = "Users"
c.Permissions = c.Permissions And Not dbSecDBCreate

End Function

TIA,

Mark

"Mark" <ma*********@nt lworld.com> wrote in message
news:XC******** *****@newsfe3-win.ntli.net...
> Hi All,
>
> Firstly, I am aware from reading previous posts that if someone is
> determined enough, they will crack an Access Application. However, this
> problem seems basic but I can't find a workaround.
>
> I have a frontend/backend database at work which contains some
> sensitive information. I have used Access security along with my own
> and
> have disabled the shift key at start-up. I thought this was quite
> secure
> but I have found that someone has hacked into it and given themselves
> administrator privileges within my own security. After a lot of
> investigation, I have found out that they have done this by creating a
> new database under my workgroup and then importing the tables from the
> frontend. They can then open up any table they please and have
> visibility of everything due to no form being set to start-up..
>
> I have changed the way my security works by splitting the user table
> down so that the permissions given to each user is split from their
> passwords which they can change and given them only read permissions.
>
> What I want to be able to do is stop people being able to import/link
> from either the FE or BE unless they are the administrator. I have
> spent
> hours looking through the help files but can't see any reference to
> this.
>
> I am using Access 2002 SP2 on a XP platform.
>
> TIA
>
>



Nov 13 '05 #1
3 1820
"Mark" <ma*********@nt lworld.com> wrote:
I have had problems with inquisitive souls looking
at data they shouldn't be. I though disabling the ability to create new
databases using my workgroup would stop this but it doesn't. All they
have to do now is create a new database using the default wrkgroup,
close it and then open it again whilst joined to my workgroup and they
can import again. Can someone please help me stop these people
importing from the FE or BE?


Hi Mark,

If a casual user can create a new database using your own customised mdw
file and no hacking tools then the user-level security hasn't been
implemented correctly.

Have you implemented your security as per the MS KB item
<http://support.microsoft.com/default...access%2fconte
nt%2fsecfaq.asp > ?

Have you assigned a password to your Admin account and denied the 'users'
group access to the 'database' object?

Regards,
Keith.
www.keithwilby.org.uk
Nov 13 '05 #2
Hi Keith,
Neither of the groups (Admin/Users) have access to use anything from the
frontend or backend. I have created 2 user accounts, one for myself with
administrator privileges and a general user account with limited access.I
have given the general user account read permissions on all the tables they
need and then controlled what they can and can't do with my own security.
None of the objects in the database can be imported, only the tables because
by default, as soon as you give someone permission to read a table, they
have by default, permission to read the design. Both user accounts have a
password.

I didn't set all the permissions using the wizard but I have spent hours
going through all the permissions on all objects within the database and
general users only have what they need. With all this in place, a general
user can create a new DB using the default MDW. They can then open Access,
join my workgroup and then open their newly created DB and import all tables
they have read permission on. No-one can do this unless they are a member of
my workgroup!!!!!

Am I missing something?

Mark
"Keith Wilby" <ke*********@Aw ayWithYerCrap.c om> wrote in message
news:Xn******** *************** *@10.15.188.42. ..
"Mark" <ma*********@nt lworld.com> wrote:
I have had problems with inquisitive souls looking
at data they shouldn't be. I though disabling the ability to create new
databases using my workgroup would stop this but it doesn't. All they
have to do now is create a new database using the default wrkgroup,
close it and then open it again whilst joined to my workgroup and they
can import again. Can someone please help me stop these people
importing from the FE or BE?


Hi Mark,

If a casual user can create a new database using your own customised mdw
file and no hacking tools then the user-level security hasn't been
implemented correctly.

Have you implemented your security as per the MS KB item
<http://support.microsoft.com/default...access%2fconte
nt%2fsecfaq.asp > ?

Have you assigned a password to your Admin account and denied the 'users'
group access to the 'database' object?

Regards,
Keith.
www.keithwilby.org.uk

Nov 13 '05 #3
"Mark" <ma*********@nt lworld.com> wrote:
I
have given the general user account read permissions on all the tables


Hi Mark,

Don't do this. Instead, use queries with the 'Run permission' property set
to 'Owner's'. This will deny the account's users access to the tables but
they can still retrieve the data via the queries.

Regards,
Keith.
Nov 13 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
4714
by: Little PussyCat | last post by:
Hello, I nee to write something that will transfer excel data into an SQL Server table. I have for another database application I wrote have it importing Excel spreadsheet data using cell by cell, row by row method. This is fully automated so the user can choose whatever spreadsheet they want to import and press a button which sits on a VB6 frontend. This has been good for that situsation but it can be very slow when there
4
3073
by: Norman Fritag | last post by:
Hi there, I would like to retrieve of a secured database the Username and the group that he / she belongs to, to apply access rights to some button click events, which are accessing forms that the User Usergroup doesn't have access to. Any idea how I would go on about it?? kind regards
3
1984
by: patcho | last post by:
Hello, I have a problem that I was hoping to get some assistance with. I have built a split database (back end with all the tables and a password to protect the information & a front end to link to it). I have followed the Access Security model to create security over my Front End database (create a new workgroup, remove the admin user from the admins group, change permissions on the users group to very limited access etc).
2
4171
by: enrio | last post by:
I need to process the source code associated with the forms outside access, and import the changes back to Access. I find that I can export the source code of a form, but when I subsequently import it, even with no change, I get a message saying the module name is illegal. If the form is named Form_NewParticipant, the export file gets named Form_NewParticipant.cls, and when I reimport it, the error message quotes the name...
2
1140
by: VB Programmer | last post by:
I want to write a file to the "secured" dir that is on my website. The full path is: C:\inetpub\wwwroot\MyWebSite\Secured I tried this, but it didn't work: Dim strFileName As String = "Secured\MyFile.txt" Dim sw As New StreamWriter(strFileName) sw.WriteLine("Testing 1-2-3") sw.Close() Response.Redirect(strFileName)
1
2211
by: robert d via AccessMonster.com | last post by:
I'm trying to determine who is linked to the backend. I'm using the Microsoft code on the Jet User Roster that uses ado to develop a list. The front end and backend are secured. This code is to go in the front end. I don't understand why Access is telling me that I need to provide a User ID, PWD and Workgroup file to Open the backend with ado. I would have thought that the fact that a user is already logged into the front end and...
2
3028
by: Daniel Frechette | last post by:
Hi, Is it possible to have secured (SSL/HTTPS) and non-secured (HTTP) content in the same page without breaking the security? I am developing a secured reservation system in which the user can access Google Maps (not secured). The map is embedded in the page and does not open in a separate window. What solution do you recommend? Use iframes? If so, how?
1
2976
by: securedcardss | last post by:
http://card.2youtop.info secured credit card card credit instant secured card cash credit secured card
0
9943
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9793
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10750
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10858
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10419
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9577
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7974
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
1
4619
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4225
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.