Now that users are handy at importing tables from an Excel spreadsheet, I've
discovered a very dangerous problem.
If the user decides to name the imported table the same name as an existing
table in the database, the Spreadsheet Import Wizard will happily overwrite
the table - and bye-bye database.
Is there a way to prevent this with code? Must I now read the Access
Security FAQ?
Access ULS is the most secure method you could use. ULS will allow you full
control over what your users can and cannot do, and you can control exactly
what user can import into your application.
You could try removing menus and toolbars (click Tools - Startup to review
the possibilities), thereby making it more difficult to do this. If your
users depend on the built-in menus, however, you'll have to build your own
toolbars for them to use. This is pretty easy for semi-experienced (or
determined) users to get around, of course - if you want to be sure, then
use ULS.
--
Scott McDaniel
InfoTrakker Software
Looking at the Security FAQ, I see these DAO security constants:
dbSecCreate - Can create new tables / queries
dbSecReadDef - Can read table definitions
dbSecWriteDef - Can modify or delete table definitions
dbSecRetrieveData - Can read records
dbSecInsertData - Can add records
dbSecReplaceData - Can edit records
dbSecDeleteData - Can delete records
I want users to be able to modify and delete table definitions, and
everything else on the list - I just don't want them overwriting existing tables.
I'm mostly worried about mistakes rather than malice, so it would be nice to
somehow (temporarily) put a lock on all internal tables with code to prevent
the overwrite. Is this possible?
When importing from another Access database, as you know, a table name is
indexed with a number if it has the same name as an existing table - not so
with the spreadsheet import wizard. I believe this is a serious oversight
on the part of the MS Access team.
Your best bet is to implement ULS and use RWOP queries for all data access
(the FAQ has info on RWOP queries), then remove all permissions to tables ...
with RWOP queries, users don't need to interact with the table, only the
query. Of course, you probably wouldn't be able to use the built-in methods
to import your files, and would instead have to build your own utility to
control the process. If you control the process, you can easily determine if
a desired table name is already present and take appropriate action. Even if
you implement security, if you still allow users to import items via the
built-in Access methods, you'll stand the chance of a user overwriting.
I don't really agree that this is a serious oversight ... seems perfectly
reasonable to me to overwrite a table, if the user requests it ... after
all, the software should respond to the User's request. I would agree that
the Import wizard should ask them if they want to overwrite, but I'd also
argue that a properly designed program should NEVER allow users to directly
import data to the live tables without first providing some form of backup
... my thinking is that the application should import to temporary tables
and then allow users to append, at best, information to existing tables, but
only after making sure the original data is safe ... just my .02 worth ...
--
Scott McDaniel
InfoTrakker Software
The app does not need security so I'm reluctant to start dealing with ULS,
and the built-in utilities are definitely needed for importing data.
Personally, I think the import wizards are fantastic. The users of this app
need to import from both text and Excel files and the import wizard makes it
a snap. The barf bag is that they can destroy the database if they
overwrite an internal table. I should not have to implement ULS to prevent
this. If users want to overwrite a table, they can rename the table in the
database window. Letting them overwrite a table from an import wizard is
just bad design as far as I'm concerned.
In any case, I found a workaround. If I open a recordset on a table before
the import wizard is opened, that table cannot be overwritten. I tested
this with a couple of tables and it worked great. What I'll need to do is
loop through all internal tables and open a recordset selecting one record
from each table, and then close them all when the wizard closes. It may
take some experimentation to get things just right, but I'm confident this
will serve my purposes.
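The workaround described in the post above, sketched as an added VBA module that is not part of the original post: it opens one recordset on every local, non-system table and keeps the references until released. The names LockInternalTables and UnlockInternalTables are hypothetical, the recordset type is an assumption (the post does not say which was used), and whether an open recordset blocks the wizard's overwrite rests on the poster's own test.

```vba
Option Compare Database
Option Explicit

' Added example, not code from the thread. Procedure names are hypothetical.
' Call LockInternalTables before the import wizard is opened and
' UnlockInternalTables once it has closed.

Private mDb As DAO.Database      ' kept alive so the recordsets stay open
Private mHeld As Collection      ' one open recordset per protected table

Public Sub LockInternalTables()
    Dim tdf As DAO.TableDef

    If Not mHeld Is Nothing Then Exit Sub        ' already holding
    Set mDb = CurrentDb
    Set mHeld = New Collection

    On Error GoTo Fail
    For Each tdf In mDb.TableDefs
        ' Skip system and hidden tables (MSys*) and linked tables, which
        ' carry a non-empty Connect string.
        If (tdf.Attributes And (dbSystemObject Or dbHiddenObject)) = 0 _
           And Len(tdf.Connect) = 0 Then
            ' One record is enough; the open recordset is the point.
            ' dbOpenDynaset is an assumption, see the lead-in.
            mHeld.Add mDb.OpenRecordset( _
                "SELECT TOP 1 * FROM [" & tdf.Name & "]", dbOpenDynaset)
        End If
    Next tdf
    Exit Sub

Fail:
    ' Do not leave a partial set of recordsets open.
    UnlockInternalTables
    Err.Raise Err.Number, "LockInternalTables", Err.Description
End Sub

Public Sub UnlockInternalTables()
    Dim rs As DAO.Recordset

    If mHeld Is Nothing Then Exit Sub
    On Error Resume Next                         ' close as many as possible
    For Each rs In mHeld
        rs.Close
    Next rs
    On Error GoTo 0
    Set mHeld = Nothing
    Set mDb = Nothing
End Sub
```

Tables created after LockInternalTables runs are not covered, and the recordsets stay open until UnlockInternalTables is called or the VBA project is reset.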
deko wrote:
> Now that users are handy at importing tables from an Excel spreadsheet, I've discovered a very dangerous problem.
> If the user decides to name the imported table the same name as an existing table in the database, the Spreadsheet Import Wizard will happily overwrite the table - and bye-bye database.
> Is there a way to prevent this with code? Must I now read the Access Security FAQ?
Why don't you create a form that has a FileOpen dialog that selects the
spreadsheet name? You can then set your own rules in the form for
importing. You can even import the data on your own conditions.
Basically you are letting the user have access to your data where there
are no rules. They could open up any table and input/modify data
without following the rules of the app.
You do know that you don't need forms or code to update tables. You can
open up tables and enter data however you want, whether correct or not.
That is why we have jobs as developers...to create applications that
follow rules defined by the project.
Create the form and tell the users to use the form. If they don't use
the form and mess up the database, fire them.
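A controlled import of the kind suggested in this reply and in Scott McDaniel's earlier one (check the name first, import to a temporary table, back up before appending), as an added VBA example that is not code from any poster. TableExists, SafeImportSpreadsheet, AppendStagedRows and the "stg_" prefix are hypothetical names; the numeric suffix on a name collision mirrors what the thread says the Access-to-Access import does.

```vba
Option Compare Database
Option Explicit

' Added example, not code from the thread. All procedure names and the
' "stg_" staging prefix are hypothetical.

Public Function TableExists(ByVal tableName As String) As Boolean
    Dim db As DAO.Database, tdf As DAO.TableDef
    Set db = CurrentDb
    For Each tdf In db.TableDefs
        If StrComp(tdf.Name, tableName, vbTextCompare) = 0 Then
            TableExists = True
            Exit Function
        End If
    Next tdf
End Function

' Imports the workbook into a staging table and returns the name actually used.
Public Function SafeImportSpreadsheet(ByVal xlsPath As String, _
                                      ByVal requestedName As String) As String
    Dim target As String, n As Long

    requestedName = Trim$(requestedName)
    If Len(requestedName) = 0 Then Err.Raise vbObjectError + 1, , "Table name required"
    If Len(xlsPath) = 0 Then Err.Raise vbObjectError + 2, , "File path required"
    If Len(Dir$(xlsPath)) = 0 Then Err.Raise vbObjectError + 2, , "File not found"

    ' Land in a staging name, never in a live table; on a collision add a
    ' numeric suffix instead of replacing the existing table.
    target = "stg_" & requestedName
    Do While TableExists(target)
        n = n + 1
        target = "stg_" & requestedName & CStr(n)
    Loop

    DoCmd.TransferSpreadsheet acImport, acSpreadsheetTypeExcel9, target, xlsPath, True
    SafeImportSpreadsheet = target
End Function

' Copies the live table to a timestamped backup, then appends the staged rows.
Public Sub AppendStagedRows(ByVal stagingName As String, ByVal liveName As String)
    Dim db As DAO.Database

    If Not (TableExists(stagingName) And TableExists(liveName)) Then
        Err.Raise vbObjectError + 3, , "Staging and live tables must both exist"
    End If

    DoCmd.CopyObject , liveName & "_bak_" & Format$(Now, "yyyymmddhhnnss"), _
                     acTable, liveName

    Set db = CurrentDb
    ' SELECT * requires the staging column names to match the live table.
    db.Execute "INSERT INTO [" & liveName & "] SELECT * FROM [" & stagingName & "]", _
               dbFailOnError
End Sub
```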
Glad you found a workaround ... good luck
--
Scott McDaniel
InfoTrakker Software