Hello there nice folks,
OS: NT
Office: XP
Assumption 01: Already read MS's Security FAQ
Assumption 02: Good knowledge of how to secure a database
Scenario:
1) Tables in a "secured"mdb backend
2) Forms, Code, Queries and linked tables in a "secured" .mde front
end
3) "Users" group given no access at all
4) By pass key permanently disabled in the mde file by passing the ddl
parameter (checked and works like a charm)
5) People accessing the database through the mde file have an intense
logic behind the forms where Form 1 has to have information Before
Entering/viewing Information in Form 2 and so on and so forth
6) Based on the status of a record, user's are permitted/ not
permitted to view record
Challenge:
As you can see, everything looks hunky dory from the scenario above.
However, let's say user JOEBLOE has read access on Table 1 and Table 2
but is not suppose to see Table 2 until data has been entered in Table
1.
JOEBLOE is a curious user, who has nothing else to do at work except
for exploring Access databases lying around. Also, JOEBLOE knows quite
a bit of Access and thinks he is a programmer. To hack into the
system, JOEBLOE makes a new Access database but opens it using the MDW
file located on his system. Because JOEBLOE has read ….and also write
access to these tables, he can import them and view Table 1 and Table
2 without following the enforced system implemented through forms in
the MDE.
How do I prevent JOEBLOE from doing this?
All help is really appreciated
Thanks
JOEBLOES despiser
Farooq