By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
426,234 Members | 1,832 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 426,234 IT Pros & Developers. It's quick & easy.

How secure is my application???

P: n/a
I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.
Nov 13 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On 19 Aug 2004 06:41:10 -0700, no***********@cox.net (Jason Smith)
wrote:

The ONLY secure way to prevent people from seeing your source code is
to distribute an MDE. It does not have any source code.

-Tom.

I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.


Nov 13 '05 #2

P: n/a
Depends what you're trying to secure, the data or your code.

A while ago I quoted for a job making Excel spreadsheets secure. Didn't get
the job, but in the course of investigating it I bought one of the many MS
Office password cracking programs.

It worked on everything except the file password for Word (2000 and later
IIRC) and Excel (ditto). A very strong, e.g. !"$%%$^%&^*&*()_ type
password seemed uncrackable for these 2. Everything else, not matter how
strong, was cracked very quickly.

So your password on modules isn't worth anything if you think somebody who
knows how to type 'Access' and 'Password' into a search engine and who is
prepared to cough up a few dollars will be interested in your app.

Like Tom says, make the mdb with the code in into an MDE. Better still,
encrypt the MDB, _then_ make it into an MDE.

If it's the actual data you want to protect, then just use NT permissions on
the backend file. Use Access security to deny direct access to the BE tables
and RWOP queries to get at the data in the FE. Rename the BE files to
something daft, get rid of the .mdb extension, so that it's not obvious, put
them in a non obvious folder. And so on and so forth.

If you search in the archives you will find a pretty long thread with me,
David W Fenton and Michael Kaplan and others discussing at length whether
any of the steps I suggest amount to 'meaningful' security. You must make up
your own mind. The thread is 'Security - more complex than I thought'.

You don't actually say what you want to prevent. So it may be that nobody is
very interested in nicking your stuff, so a low level of 'security' may be
enough. The locks on my front door probably aren't as good as the ones on
the jewellers at the top of the street.

Yours, Mike MacSween
"Jason Smith" <no***********@cox.net> wrote in message
news:d2**************************@posting.google.c om...
I have recently designed an application in Ms Access with the
folllowing security:

1) Database is split into a front-end / backend with linked tables
2) All modules are password protected
3) Bypass shift code used to disable bypassing startup routines
4) Users enter database through login screen which checks login from
an Access table. This table is imported; not linked in the front-end.
5) The menubar on the startup form has been set to "=1" meaning no
menu will appear on this form.

How secure is this application? Is there still a way for users to get
into the design mode of the front-end or modify any code in the
database? Can more be done to increase security? Is this better than
the security built in Access using the workgroup file?

Any input would be greatly appreciated.

Nov 13 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.