How can I stop people having access to my MS Access Tables and Queries via Import?

Hi
I have an MS Access based application almost ready for distribution to
the public and I find that even though I have compiled it into an MDE
file, tables and queries can still be imported if accessed by
another MS Access database. How can I stop this please?

Regards
Carriolan
Dec 6 '05 #1
8 Replies


User-level security. Not for the faint-hearted and not resistant to a
determined hacker with the right tools but good enough to keep out nosey
parkers. Check out the MS FAQ on Access security (link on my web site) and
Google Access groups for Jeff Conrad who has some useful stuff too.

HTH - Keith.
www.keithwilby.com
Dec 6 '05 #2

Hi Keith
I am going through the MS FAQ as you suggested. Agreed it is not for
the faint hearted! I have one more question. As my program is for
distribution to the general public as shareware, is using this type
of security valid?
Regards
Carriolan

Dec 6 '05 #3

What do you mean by "valid"? As I stated previously, it won't stop a
determined hacker with the right tools from breaking in, so you'd have to do
a risk assessment to determine the likelihood of it happening and whether or
not you care if it does. One further layer of protection is to convert your
front end into an mde file, which is a fully compiled version of your mdb,
hence no code is visible. A hacker would then have to reverse engineer your
functionality into code in order to "steal" it.

HTH - Keith.
www.keithwilby.com
Dec 7 '05 #4

Hi Keith
I am a newbie at this; especially with regards to Access security.
Could you clarify some points for me please.
1. Is it possible to associate a MDW file with a specific Access app
without affecting other MS Access applications on the same pc?
2. Is it possible to setup an MDW file giving users full data
permissions with no password (Administrator rights being passworded)?
I do not want users having to log in

What I am really trying to do is stop the 'man in the street' from
unhiding my tables and taking the data. I realise that it will never
be bullet proof.

Regards
Carriolan


Dec 9 '05 #5

How much is the data in your tables worth? Workable "cracks" for Access can
be purchased for around US$150 -- if the price has not gone up or down in
the past year or so.

It is possible to associate a workgroup file, but it is also possible that
the user might "join" that file, so that it is used no matter what Access
database they try to open.

The way you require a password is to put a password on the Admin account.
Once that is done, every user requires a password. If I recall correctly,
you can distribute a copy of your application with the user rights assigned
to the Users group, and all users removed from Admins... so the security
applies, but they do not have to log in. (But, I'd recommend checking the
Security FAQ carefully and Googling this newsgroup's archives on the subject.)

And, as far as stealing the application itself, few Access database
applications are so mysterious that an experienced Access developer can't
observe the application in operation and re-create it in substantially less
time than the original development required. After all, the "heavy lifting"
of how to apply Access to the business issue has already been done, and
can't be hidden.

Larry Linson
Microsoft Access MVP
Dec 10 '05 #6

Hi Larry
My objective is to prevent an average user from being able to gain
access to my tables. I use SageKey installer scripts to install all
the Access runtime files, but was surprised to find that a user with MS
Office could use Access to extract the data tables from my
application. I have discovered that whether I encrypt the database or
hide my tables any user with Access has Admin rights and can gain
access.

The things which I need to know in principle before studying the
subject in detail are:
1. Can a MDW file be applied to a specific MDB file without applying
to all the other MDB files on the target PC, [from other discussions
on this group it is far from being clear]?
2. Can I password only the Admin leaving the Users with Full data
rights without having to login?
3. If I do manage to do 1) and 2) above can a user delete the MDW file
to gain access to my database or will the database cease to function?
Regards
--
Carriolan

Dec 11 '05 #7

carriolan@ wrote:
> Hi Larry
> My objective is to prevent an average user from being able to gain
> access to my tables. I use SageKey installer scripts to install all
> the Access runtime files, but was surprised to find that a user with MS
> Office could use Access to extract the data tables from my
> application. I have discovered that whether I encrypt the database or
> hide my tables any user with Access has Admin rights and can gain
> access.
>
> The things which I need to know in principle before studying the
> subject in detail are:
> 1. Can a MDW file be applied to a specific MDB file without applying
> to all the other MDB files on the target PC, [from other discussions
> on this group it is far from being clear]?

MDW files are not "applied" to MDB files. The MDB has a list of security
profiles that it will allow various access levels for. If you use an MDW file
that contains those profiles then you can get into the file. If you use one
that doesn't then you can't. So there is a sort of relationship between MDW and
MDB, but not a hard link as many people erroneously believe.

The selection of the MDW file actually occurs when Access is launched, before
any particular MDB file loading is even attempted. Which MDW file is used by
Access is determined by either providing the desired file as a command line
argument or if one is not provided Access will use the default MDW file for the
user as determined by settings in the registry. You are changing the default
MDW file when you "Join" a workgroup using the workgroup administrator utility.

So, to accomplish what you want you leave the user joined to the default
System.mdw file and have your application open with a shortcut that specifies a
different MDW file in the command line. The target for the shortcut would look
like...

"path to MSAccess.exe" /wrkgrp "path to desired MDW" "path to the MDB to be opened"

If the user then tried to open the file without using your shortcut the wrong
MDW file would be used and they would get an Access Denied error.

> 2. Can I password only the Admin leaving the Users with Full data
> rights without having to login?

No. Having a password on the Admin user is exactly what triggers the login
prompt. If you don't want them to login then you cannot have a password on the
Admin account. You could supply a username and password as additional command
line arguments in your shortcut though. This would log them in without being
prompted.

You can also grant the normal permissions that you want users to have to the
default group "Users". This group would ordinarily be granted zero permissions
in a secured app. However, if you grant to this group the level of permissions
that you want normal users to have then your users will be able to open the file
without logging in and will be able to do so with ANY workgroup file. Your
secured MDW file would only be needed when you wanted to login with a different
account that had higher permission levels.

> 3. If I do manage to do 1) and 2) above can a user delete the MDW file
> to gain access to my database or will the database cease to function?
> Regards

The database would cease to function.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
Dec 11 '05 #8
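
One way to create the launch shortcut described in reply #8, as an added PowerShell example that is not part of the original thread; the function names and every path passed to them are assumptions. The second function flags a shortcut whose arguments carry /pwd, because a password supplied that way is stored in the shortcut as readable text.

```powershell
# Added example (not from the thread). Function names and all paths are assumptions.

function New-AccessWorkgroupShortcut {
    param(
        [Parameter(Mandatory)] [string] $AccessExe,      # full path to MSACCESS.EXE
        [Parameter(Mandatory)] [string] $WorkgroupFile,  # secured .mdw shipped with the app
        [Parameter(Mandatory)] [string] $Database,       # .mdb or .mde to be opened
        [Parameter(Mandatory)] [string] $ShortcutPath    # must end in .lnk
    )

    # Fail at install time rather than at first launch if a file is missing.
    foreach ($p in $AccessExe, $WorkgroupFile, $Database) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }
    if ([IO.Path]::GetExtension($ShortcutPath) -ne '.lnk') {
        throw "ShortcutPath must end in .lnk: $ShortcutPath"
    }

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($ShortcutPath)
    $lnk.TargetPath = $AccessExe
    # Same order as the target line in the reply: /wrkgrp "<mdw>" "<mdb>".
    # Each path is quoted so that spaces in folder names do not split it.
    $lnk.Arguments = '/wrkgrp "{0}" "{1}"' -f $WorkgroupFile, $Database
    $lnk.WorkingDirectory = Split-Path -Parent $Database
    $lnk.Save()

    # Re-open the saved file and return what was actually written.
    $saved = $shell.CreateShortcut($ShortcutPath)
    [pscustomobject]@{ Target = $saved.TargetPath; Arguments = $saved.Arguments }
}

function Test-ShortcutEmbedsPassword {
    param([Parameter(Mandatory)] [string] $ShortcutPath)

    # CreateShortcut on an existing .lnk loads it; nothing is modified here.
    $shell     = New-Object -ComObject WScript.Shell
    $arguments = $shell.CreateShortcut($ShortcutPath).Arguments
    # True when the command line carries the /pwd switch.
    return [bool]($arguments -match '(^|\s)/pwd\b')
}

# Usage with placeholder paths (replace with the paths of your own installation):
# New-AccessWorkgroupShortcut -AccessExe 'C:\<Office path>\MSACCESS.EXE' `
#     -WorkgroupFile 'C:\<App path>\Secured.mdw' `
#     -Database 'C:\<App path>\App.mde' `
#     -ShortcutPath "$env:USERPROFILE\Desktop\App.lnk"
# Test-ShortcutEmbedsPassword -ShortcutPath "$env:USERPROFILE\Desktop\App.lnk"
```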

Thanks I'll give this a try.
Regards
Carriolan
On Sun, 11 Dec 2005 13:46:03 GMT, "Rick Brandt"
<ri*********@hotmail.com> wrote:
Dec 12 '05 #9
