I have carried out the Keith Wilby stepwise approach to securing an MDB but I am not sure what I have achieved

Hi
As daft as it may sound I have carried out the approach detailed by
Keith Wilby on his site www.keithwilby.com/ down to and inclusive of
import objects. I have established that:
1. IPGAdmin is now a member of the ‘Admins’ group and owns the
database and imported objects.
2. Admin the old user does not own the objects or the database and
does not have any permissions.

So now I have to check that IT has worked. I quote "Check that it has
worked by trying to log on as Admin with the password you gave the
account earlier. You should also check that you can't open the
database from an explorer window".

This is what I have checked and the associated results:

1) Double clicking on the MDB from within Windows Explorer generates a
popup logon. If I enter the original Admin and Password, the Admin
user can still do anything with the objects, delete and create etc.

2) I created a blank database under the original 'Admin' and password
and succeeded in importing all of the tables from the new database
which the 'Admin' user has no ownership or permissions.

Help what have I achieved?
Regards
Carriolan
Dec 15 '05 #1
Perhaps Keith will see this and respond. I am not familiar with his
approach. But, clearly, from what you describe, you have not properly
secured the database.

My recommendation about securing your Access database always is to obtain
the Access Security FAQ from
http://download.microsoft.com/downlo...-us/secfaq.exe.

Read, re-read, and study it. Then follow it carefully and exactly. Do not
add nor skip any step -- if you do, it may leave it so insecure that anyone
can get into it, or so secure that not even you, the owner, can.

In his _Access 2.0 Developer's Guide_, Roger Jennings described Access
security as "labyrinthine". It has gotten somewhat stronger, but no simpler
through Access 2003. On the other hand, if your application or your data is
worth more than approx. US$150, don't rely on Access security, because
that's the going price for cracks that will crack even user and group
security.

And, as for the application, few Access applications are so complex that
they can't easily be re-created by an experienced Access developer with far
less time and effort than the original implementation. (After all, for
someone who knows Access very well, the heavy lifting has already been
done -- figuring out how to apply Access to the business problem.)

Larry Linson
Microsoft Access MVP
Dec 15 '05 #2
And keep reading that security white paper.

I built a set of instructions that's a bit more complete than what's in
the white paper. You can get to that from here:
http://abcdataworks.com/security.htm

I'm surprised that when I built those pages I didn't include my
standard description of Access security: It's great at keeping people
from accidentally coming across data they shouldn't see, makes it
fairly difficult for someone who doesn't know what they're doing to get
at your data, and is of absolutely no use in trying to thwart someone
determined to get to your data.

Jeremy
--
Jeremy Wallace
Fund for the City of New York

Dec 15 '05 #3
<carriolan@> wrote in message
news:9g********************************@4ax.com...

> Help what have I achieved?


I think you may have put the cart before the horse - my example is intended
to supplement the FAQ, not replace it. It might be wise to go back to your
backup (you did make one, right?), read/digest the FAQ and then try the
example again. With security there are no quick fixes and no shortcuts, it
takes a lot of reading and experimenting to get a full understanding.

Regards,
Keith.
Dec 16 '05 #4
Hi Jeremy
Great Instructions thanks. I now have a database that is protected and
which can only be accessed by 'newAdmin' from the desktop shortcut.
This is what I did next:
1. In 'Tools | Security | Users and Group Accounts | Users tab' I
setup a new user 'newUser'
2. I then 'added' the 'newUser' as a member of the 'myUsers' Group (
the one I set up previously with your instructions)
3. However I could not set the password in 'Tools | Security | Users
and Group Accounts | Change password' it would only allow me to amend
'newAdmin' password
4. Went into 'Tools | Security | Users and Group Permissions |
Permissions tab' and selected the 'Groups' radio button and 'Database'
from the objects dropdown
5. Selected the 'myUser' group and checked the boxes for 'Open/Run'
and 'OpenExclusive'
6. I did NOT select the 'Users' radio button and assign permissions
for 'newUser' directly
7. I then launched the database from the desktop shortcut. The logon
was displayed and I entered 'newUser' leaving the password blank
8. I got error messages: I do not have permission to run 'frmStartUp'
and 'autoExec'
9. Having 'OK'ed the two error messages I was allowed in and could set
the password for 'newUser'.

My questions are:
1. What permissions should I assign to the user to permit the
'newUser' to use the database, but without amending its objects.
2. How do I go about this?
3. What was the proper method of setting a password for 'newUser'?

My real objective is to prevent users from gaining access to the data
in my tables.

Thanks for your help
Regards
Carriolan


Dec 16 '05 #5
My memory is that you can only set your own password, though as an
admin you can reset the password for other accounts. To set the
password for other accounts, you've got to log in with that account.

As far as setting permissions, one big key is to set permissions for
groups, not individual users--your users will come and go, and you'll
just have to recreate those permissions when that happens. So even if
you are setting permissions particular to just one user, first create a
group with a name that describes the functions that person will do, set
permissions for that group, and make that individual a member of that
group.

A person will need to be a member of a group that has permission to use
every object that they come into contact with while using the database.
In general, I open up everything except those objects that need to be
locked down.

Jeremy
--
Jeremy Wallace
Fund for the City of New York

Dec 18 '05 #7
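
The check asked about in the first post, and the group-permission point in the reply above, can be made from code instead of by trial logons. This is an added example, not code from any poster in this thread: it walks every DAO container and document and reports objects still owned by Admin, or on which Admin or the Users group holds any permission. It assumes a reference to the DAO library and that it is run while logged on as the owning member of Admins; the procedure names are made up for the example.

```vba
Option Compare Database
Option Explicit

' Added example; AuditDefaultAccounts and CheckOne are hypothetical names.
' Run from the Immediate window:  ?AuditDefaultAccounts()
' Returns the number of findings and prints one line per finding.
Public Function AuditDefaultAccounts() As Long
    Dim db As DAO.Database
    Dim ctr As DAO.Container
    Dim doc As DAO.Document
    Dim findings As Long

    Set db = CurrentDb
    For Each ctr In db.Containers
        ' Container-level permissions are the defaults given to new objects.
        findings = findings + CheckOne(ctr.Name, "<new objects>", ctr)
        For Each doc In ctr.Documents
            findings = findings + CheckOne(ctr.Name, doc.Name, doc)
        Next doc
    Next ctr

    Debug.Print findings & " finding(s)"
    AuditDefaultAccounts = findings
End Function

' obj is a DAO Container or Document; both expose Owner, UserName
' and AllPermissions, so it is passed late-bound.
Private Function CheckOne(ByVal ctrName As String, ByVal objName As String, _
                          ByVal obj As Object) As Long
    Dim acct As Variant
    Dim perms As Long
    Dim n As Long

    On Error GoTo Unreadable

    If obj.Owner = "Admin" Then
        Debug.Print ctrName & "\" & objName & ": owned by Admin"
        n = n + 1
    End If

    For Each acct In Array("Admin", "Users")
        obj.UserName = acct
        ' AllPermissions includes rights inherited through groups. Every
        ' user, Admin included, is a member of Users, so a user with no
        ' explicit permissions still reports whatever Users holds.
        perms = obj.AllPermissions
        If perms <> dbSecNoAccess Then
            Debug.Print ctrName & "\" & objName & ": " & acct & _
                        " has permissions &H" & Hex(perms)
            n = n + 1
        End If
    Next acct

    CheckOne = n
    Exit Function

Unreadable:
    ' Typically raised when the current logon may not read security settings.
    Debug.Print ctrName & "\" & objName & ": cannot read (" & _
                Err.Description & ")"
    CheckOne = n
End Function
```

Each printed line names an object to review in the permissions dialog; the "Databases" container line covers the right to open the database itself.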
Keith W wrote:
> <carriolan@> wrote in message
> news:9g********************************@4ax.com...
>> Help what have I achieved?
>
> I think you may have put the cart before the horse - my example is intended
> to supplement the FAQ, not replace it. It might be wise to go back to your
> backup (you did make one, right?), read/digest the FAQ and then try the
> example again. With security there are no quick fixes and no shortcuts, it
> takes a lot of reading and experimenting to get a full understanding.
>
> Regards,
> Keith.

Yeah. MS made implementing security a complex issue...so complex even
they couldn't document it adequately. I doubt if there are more than a
handful at MS that could secure an Access database.
Dec 18 '05 #8
Bri

je************@gmail.com wrote:
> My memory is that you can only set your own password, though as an
> admin you can reset the password for other accounts. To set the
> password for other accounts, you've got to log in with that account.

<snip>

> Jeremy


Check out the User Object. It has the Password Property.

--
Bri

From AC97 Help
==============
This example uses the CreateUser method and Password and PID properties
to create a new User object; it then makes the new User object a member
of different Group objects and lists its properties and groups.

    Sub CreateUserX()

        Dim wrkDefault As Workspace
        Dim usrNew As User
        Dim grpNew As Group
        Dim usrTemp As User
        Dim prpLoop As Property
        Dim grpLoop As Group

        Set wrkDefault = DBEngine.Workspaces(0)

        With wrkDefault

            ' Create and append new User.
            Set usrNew = .CreateUser("NewUser")
            usrNew.PID = "AAA123456789"
            usrNew.Password = "NewPassword"
            .Users.Append usrNew

            ' Create and append new Group.
            Set grpNew = .CreateGroup("NewGroup", _
                "AAA123456789")
            .Groups.Append grpNew

            ' Make the user "NewUser" a member of the
            ' group "NewGroup" by creating and adding the
            ' appropriate User object to the group's Users
            ' collection.
            Set usrTemp = _
                .Groups("NewGroup").CreateUser("NewUser")
            .Groups("NewGroup").Users.Append usrTemp

            Debug.Print "Properties of " & usrNew.Name

            ' Enumerate the Properties collection of NewUser. The
            ' PID property is not readable.
            For Each prpLoop In usrNew.Properties
                On Error Resume Next
                If prpLoop <> "" Then Debug.Print " " & _
                    prpLoop.Name & " = " & prpLoop
                On Error GoTo 0
            Next prpLoop

            Debug.Print "Groups collection of " & usrNew.Name

            ' Enumerate the Groups collection of NewUser.
            For Each grpLoop In usrNew.Groups
                Debug.Print " " & _
                    grpLoop.Name
            Next grpLoop

            ' Delete the new User and Group objects because this
            ' is a demonstration.
            .Users.Delete "NewUser"
            .Groups.Delete "NewGroup"

        End With

    End Sub

Dec 19 '05 #9

Bri wrote:
> je************@gmail.com wrote:
>> My memory is that you can only set your own password, though as an
>> admin you can reset the password for other accounts. To set the
>> password for other accounts, you've got to log in with that account.
>
> <snip>
>
>> Jeremy
>
> Check out the User Object. It has the Password Property.

Right. Sorry. It's been a while since I've used this stuff. But I have
definitely used this code before. Thanks, Bri.

Dec 21 '05 #10
