473,326 Members | 2,048 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Database security

I have read many long articles in this group about securing my
database for distribution. This is the advise I have taken:

1. Hardcoded the purchasing company's name into the program. The
limitations are that the company can't get a instant download as I
need to manually code their name. That's fine for now.

2. Make both the front and the backend databases MDE. This protects
my code.

3. I will implement the lock software at www.zappersoftware.com to
require a registration code on install which would be limiting only in
that the program would now be machine specific.

With those 2-1/2 or 3 things done, why would I want to implement MS
Security as found in the Security FAQ on the Microsoft site?

The way I see it, with #3 they can't really copy the database. If
they do figure out a way to copy it they would still be limited to
having that certain company name (#1) appearing on all forms &
reports. With #2, they can't touch my code.

Is there something I'm missing. What benefit would the MS Security be
for my situation?

Thanks,

Paul .V.
Nov 13 '05 #1
5 1274
One of the main reasons that people use Access security is so that they can
set up a variety of "roles"; some users can perform certain functions but
not others; other users may have a different set of functions they can
perform on the same database.

"Paul .V." <pr*******@shaw.ca> wrote in message
news:41**************************@posting.google.c om...
I have read many long articles in this group about securing my
database for distribution. This is the advise I have taken:

1. Hardcoded the purchasing company's name into the program. The
limitations are that the company can't get a instant download as I
need to manually code their name. That's fine for now.

2. Make both the front and the backend databases MDE. This protects
my code.

3. I will implement the lock software at www.zappersoftware.com to
require a registration code on install which would be limiting only in
that the program would now be machine specific.

With those 2-1/2 or 3 things done, why would I want to implement MS
Security as found in the Security FAQ on the Microsoft site?

The way I see it, with #3 they can't really copy the database. If
they do figure out a way to copy it they would still be limited to
having that certain company name (#1) appearing on all forms &
reports. With #2, they can't touch my code.

Is there something I'm missing. What benefit would the MS Security be
for my situation?

Thanks,

Paul .V.

Nov 13 '05 #2
On 4 Feb 2005 17:41:43 -0800, pr*******@shaw.ca (Paul .V.) wrote:

Re 2: There should typically not be any code in the backend db, so it
should be an MDB.

MacDermott is correct about the role-based security. Let's say there
is a Salary table that not everyone should have access to...

-Tom.

I have read many long articles in this group about securing my
database for distribution. This is the advise I have taken:

1. Hardcoded the purchasing company's name into the program. The
limitations are that the company can't get a instant download as I
need to manually code their name. That's fine for now.

2. Make both the front and the backend databases MDE. This protects
my code.

3. I will implement the lock software at www.zappersoftware.com to
require a registration code on install which would be limiting only in
that the program would now be machine specific.

With those 2-1/2 or 3 things done, why would I want to implement MS
Security as found in the Security FAQ on the Microsoft site?

The way I see it, with #3 they can't really copy the database. If
they do figure out a way to copy it they would still be limited to
having that certain company name (#1) appearing on all forms &
reports. With #2, they can't touch my code.

Is there something I'm missing. What benefit would the MS Security be
for my situation?

Thanks,

Paul .V.


Nov 13 '05 #3
I have setup my own internal security to limit users to specific
activities so it sounds to me like I do not need to use the Access
Security.

On another note, I put my current project backend to an mde because
somewhere in the help file I read that both files must be mde to work
although an older project I worked on I did exactly as you said...My
frontend is a mde and the backend is an mdb. I wonder why the help file
says that won't work.

Thanks for your input(s),

Paul .V.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 13 '05 #4
"Need" is always a relative term.
In my experience, as a general rule, developer-created internal security
systems are not as secure as Access's own security.
Which is not to tout Access Security -
a simple Google search will find you several low-cost options to crack
even that.
I've contended for some time that if you have an internal application, and
employees who are clearly circumventing the established rules about who can
do what in that application, you have an HR problem more than an IT problem.

As for the help files -
I'm not connected with Microsoft, other than as a user, but I see Help
file development like this:
You can't write an effective help file until the product is finished,
because what you document could change.
Once the product is finished, there's tremendous pressure to release it -
nobody wants to wait for the help files to be finished.
You can still find scattered references in the Help files to using
Access on McIntosh machines - something which has never, to my knowledge,
gotten past the drawing boards.
It's also been my experience that the quality of Access Help files has
declined with each release. (I still sometimes go back to Access 97 help,
because it's so much easier to find things there. But I can remember when
that first came out, how much I missed the printed Access 2.0 help.)
Nevertheless, Access Help is the first place I go to answer my Access
questions, and it's rare for me to have to go further than that. It's a
good product, but not perfect - doesn't excuse us from doing our own
thinking. But then, that's what we programmers do, isn't it?

"Paul V" <pr*******@shaw.ca> wrote in message news:42**********@127.0.0.1...
I have setup my own internal security to limit users to specific
activities so it sounds to me like I do not need to use the Access
Security.

On another note, I put my current project backend to an mde because
somewhere in the help file I read that both files must be mde to work
although an older project I worked on I did exactly as you said...My
frontend is a mde and the backend is an mdb. I wonder why the help file
says that won't work.

Thanks for your input(s),

Paul .V.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 13 '05 #5
Yep, you're right. My internal security probably isn't as secure as
Access security but I did realise that upon setting it up. I also agree
with you in that that poses the question more of HR problems rather than
IT problems. The way I see it for now, if someone decides to mess with
the tables then "I'm on by the hour" to fix what has been done. It's
always possible to make something more secure but for the intended
purpose of this program, my security messures should suffice.

Thanks again for all your input. It sounds as though I have taken the
necessary steps to secure my database for distribution.

Paul .V.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 13 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Sarah Tanembaum | last post by:
I was wondering if it is possible to create a secure database system using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
2
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
3
by: Nascimento, Daniel | last post by:
i tried to create a conecction to a database MSAccess 2002 with Microsoft JET 4.0 OLE Provider but it gives me the error: 'Teste connection failed because of an error in initializating provider....
4
by: Nicolae Fieraru | last post by:
Hi All, I am working on a web site in asp which will be hosted on a Windows 2003 server. I use the following code to connect to the database: Set objConn =...
5
by: kai | last post by:
Hi, All I try to block some one import my Access database tables using Access database. I used password protection, but if some one crack through my password, are there any other methods to...
5
by: lappy | last post by:
Hello, I have written a small programme to compact an access 97 database. Dim je As New JRO.JetEngine ' Compacts database Data.Mdb to Data2.mdb. je.CompactDatabase...
4
by: Ant | last post by:
I am trying to apply security to a database I have just finished. The application is split into a back end of tables and a front end of forms etc. I need some users to have access to forms based on...
6
by: clusardi2k | last post by:
Hello again, I have to go home and read up on Access. But, I have read else-where in this newsgroup that I can just save the password in the database under scrutiny. Wouldn't it be wasteful...
3
by: jason | last post by:
I've been playing around with new (for 2.0) membershp functionality. I was able to build a simple login form that secures a directory on a project I built locally on my development desktop. ...
6
by: Ted | last post by:
I am construvcting a number of databases, some of which contain sensitive data and most of which do not. I am attempting to handle the security issues involved in protecting sensitive data in part...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.