We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
10  1374 
sparks wrote:
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Find out who made the change and get them to fix it.
A blowtorch and a pair of pliers?
"sparks" <sp****@comcast .netwrote in message
news:64******** *************** *********@4ax.c om...
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Restore it from your most recent backup? The only way you'll stop someone
from dabbling with your app is to secure it, either using Windows file
permissions or Access user-level security or a mixture of both.
Keith. www.keithwilby.com
^^@Keith,
Thats not entirely true - you can also use cryptography on the fields
if you wish (although it is a lot of work), and there are other ways
of introducing security into db if you need to go down that path.
My point is simply that the IT guy has acted inappropriately and
possibly thoughtlessly. Access security isnt really secure, and if you
really want to make something secure then you need to do a risk
assessment to determine an appropriate level of security to implement.
Its not that hard, it just takes a little forethought and planning,
which is apparently what your IT guy failed to do.
I would certainly take Keiths advice and get hold of an old backup. I
would also want to have a suitable backup mechanism built into the
application itself and not have to rely solely on the IT guy to handle
this given the current situation. It is possible to make
cryptographical ly secure backups too. It all depends on if you need
all that stuff. Maybe the IT guy was just playing.
Cheers
The Frog
Keith Wilby wrote:
"sparks" <sp****@comcast .netwrote in message
news:64******** *************** *********@4ax.c om...
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Restore it from your most recent backup? The only way you'll stop someone
from dabbling with your app is to secure it, either using Windows file
permissions or Access user-level security or a mixture of both.
Keith.
www.keithwilby.com
"The Frog" <Mr************ @googlemail.com wrote
A blowtorch and a pair of pliers?
Overkill. The quote may be apocryphal, or it may have been said by someone
else _about_ LBJ, "When you got 'em by the b***s, their hearts and minds
will follow."
That said, I've been in the business a long time, and never encountered an
IT person who would secure an application from its owner/users unless
directed to do so by management or unless the IT person thought there was an
emergency that made it a _compelling need_ to do so*. It is certainly
something that you ought to take up with IT, or, even better, that your
manager ought to take up with a corresponding-level manager in IT.
* that's not to say that there isn't such a person, somewhere, but
I've worked with some pretty ditsy ones over the years and
haven't encountered any
Larry Linson
Microsoft Office Access MVP
I had the pleasure of working with one once. It was someone in a
security firm who made the decision that he was going to 'secure'
everything and the business be damned. Unfortunately for him he didnt
make any backups or even export the cryptographic keys and credentials
before 'activating' his master work, and of course you cant actually
make yourself a log-in if your credentials are stored in an encrypted
system and you need them to get into that very system.....
Then there was the second attempt by this 'expert' to create a 'safe'
operating environment for 'his users' where he established each user
account as a guest account - including the administrator. Lovely stuff
and I am really glad that I am not entirely sure how he managed this
master stroke.
The final stretch of genious that I saw from this very special
'expert' was when he finally decided, after threat of being fired, to
run regular backups on the servers, and to have the backups stored off-
site. Pretty reasonable one might think. Enter the last stroke of
genious, the backups were stored on cryptographicly secured drives on
a RAID array, which were swapped out as needed. Not my preferred
choice, but it could work, except that when the servers did crash it
does help to have the appropriate cryptographic certificates to be
able to read ones drives again doesnt it?
I am not entirely sure what became of this man, however I am quite
aware that he managed to destroy a company by his incompetence. I am
sure he meant well, he was just an idiot who didnt think about the
consequences of his actions. I do believe that there exists a group of
perople that are willing to experiment with other peoples toys not
knowing really what they are doing. I do hope in this case that the
OP's IT person acted with good reason and cause, and has the common
sense to handle things appropriately. However, when I see actions such
as this I cant help but feel that 'fiddling' has taken place - and
probably shouldn't have - just the same.
I cant imagine a reason that someone would encrypt a database without
telling the 'owner' if it was a risk when the database in this case is
a file that can be placed onto a DVD or tape or mobile HD, USB key or
whatever and temporarily removed from the 'offending' system entirely.
Safer, easier, and not problem to then later do a proper risk
assessment and implementation of appropriate security measures. I am
afraid that the actions of the IT person in question will always seem
either a deliberate dogs act or one of ignorance that shouldn't have
been acted on.
Just my 2 cents
The Frog
Well we are caught between a rock and a hard place.
First IT denies everything.. I asked who created this file.
WE DONT KNOW.
then we check the person who owns the file, I am assuming as soon as
she logged in she took ownership..Its the girl doing the data entry.
How did you log in, what username and password...
I JUST HIT RETURN RETURN and it opened.
That is what she told the IT department.
IT then said maybe it just appeared... I said no, someone had to
create it.
now someone had to go into security and set it up..It looks like you
can do it with no username and password on the security, at least that
is what they are saying. They have the whole directory copied into
some secure server for now and no one can see it.
On Thu, 28 Aug 2008 18:55:21 GMT, sparks <sp****@comcast .netwrote:
>We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
sparks wrote:
Well we are caught between a rock and a hard place.
First IT denies everything.. I asked who created this file.
WE DONT KNOW.
then we check the person who owns the file, I am assuming as soon as
she logged in she took ownership..Its the girl doing the data entry.
How did you log in, what username and password...
I JUST HIT RETURN RETURN and it opened.
That is what she told the IT department.
IT then said maybe it just appeared... I said no, someone had to
create it.
now someone had to go into security and set it up..It looks like you
can do it with no username and password on the security, at least that
is what they are saying. They have the whole directory copied into
some secure server for now and no one can see it.
Security cannot be done by accident. If some people (even one) can open the
file without providing a username and password then the file is not secured.
The mere presence of a security.mdw file means nothing at all. A user will
not utilize an MDW file unless they go out of their way to do so.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Hi Sparks,
Dont take the file ownership thing as an absolute in this case either
- it is something that can be taken by someone and depending on the OS
also given to someone.
My suggestion is to not hit the panic button just yet. Can you get in
to the application and work with it? Can you see the data in the
tables? If you can the first thing I would do is to get a dump of the
database completely, everything. If you need help with that just drop
us a note here and I am sure some of us will be able to get you moving
in the right direction.
Rule #1: Make a backup of your data - make it safe - make it
regularly.
Cheers
The Frog
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Sarah Tanembaum |
last post by:
I was wondering if it is possible to create a secure database system
using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web
scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc) combination?
I have the following in mind:
I wanted to store all my( and my brothers and sisters) important
document
information such as birth certificate, SSN, passport number, travel
documents, insurance(car, home, etc) document, and other...
|
by: Fran Tirimo |
last post by:
I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company 1&1 with only limited server
configuration via a web based control panel.
My query relates to the ASP security model and how it relates to FrontPage
options for setting file access on a database file. If you know of any
online documentation...
|
by: Nascimento, Daniel |
last post by:
i tried to create a conecction to a database MSAccess 2002 with Microsoft JET
4.0 OLE Provider but it gives me the error:
'Teste connection failed because of an error in initializating provider.
cannot start your application.
the workgroup information file is missing or opened exclusively by another
user.'
how can i fix this problem???
|
by: Nicolae Fieraru |
last post by:
Hi All,
I am working on a web site in asp which will be hosted on a Windows 2003
server.
I use the following code to connect to the database:
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS1 = Server.CreateObject("ADODB.Recordset")
objConn.Provider = "Microsoft.Jet.OLEDB.4.0"
|
by: kai |
last post by:
Hi, All
I try to block some one import my Access database tables using Access
database.
I used password protection, but if some one crack through my password, are
there any other methods to block some one importing my tables using Access
database?
Thanks
| | |
by: lappy |
last post by:
Hello, I have written a small programme to compact an access 97
database.
Dim je As New JRO.JetEngine
' Compacts database Data.Mdb to Data2.mdb.
je.CompactDatabase "Provider=Microsoft.Jet.OLEDB.4.0;" & "Data
Source=C:\Dump\DataOld.Mdb", _
"Provider=Microsoft.Jet.OLEDB.4.0;" & "Data
Source=C:\Dump\Data.Mdb"
|
by: Ant |
last post by:
I am trying to apply security to a database I have just finished. The
application is split into a back end of tables and a front end of forms etc.
I need some users to have access to forms based on some queries but not
others. My question is do I run the security wizard in the back end DB or
the front end? If I just do the front end I seem to have more control
(Queries, individual forms etc) but what’s to stop some one just opening the...
|
by: clusardi2k |
last post by:
Hello again,
I have to go home and read up on Access.
But, I have read else-where in this newsgroup that I can just save the
password in the database under scrutiny.
Wouldn't it be wasteful to create a password column for all database
entries?
|
by: jason |
last post by:
I've been playing around with new (for 2.0) membershp functionality.
I was able to build a simple login form that secures a directory on a
project I built locally on my development desktop.
However, when I attempt to follow the same steps on the remote test
server (a website I access via filesystem security accross my lan ).. I
get the following when I attempt to select the security tab from the
administer selection of the login...
|
by: Ted |
last post by:
I am construvcting a number of databases, some of which contain
sensitive data and most of which do not. I am attempting to handle the
security issues involved in protecting sensitive data in part by
putting it in its own database. If the sensitive data is in a database
called d_SensitiveData, and in that database there is a table called
't_A' (I know, not very informative, but this is only a trivially
simple example :-), and I have a...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| | |
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
