By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,589 Members | 1,209 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,589 IT Pros & Developers. It's quick & easy.

protecting an access file

P: n/a
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect them from giving it to anyone they feel like.

The program produces reports that are specific to a particular
organization but that does stop anyone from just modifying that report
to make it specific to another organization, who they might have given
it to.

Is there a way to convert the ms access file so that none of the
database structure or reports can be modified?

Complying it to an exe file would work but I have no idea how to do
that.

Lastly I am not talking big sales numbers here so I do not want to
spend $1000 bucks to protect something I might only make $800 bucks
on.

Thanks
Sep 26 '06 #1
Share this Question
Share on Google+
12 Replies


P: n/a
Hi Dr Hayes,

You can do this relatively easily.

First you must go into the start up menu and specify a form to display
on startup, at the same time disabling the special keys (ctrl + g, for
the debug window, and the like) and the built in toolbars.

You can write code that disables the shift key on start up routine,
also that disables switching in to design view from forms and reports,
you could possibly also write code that creates a value in the registry
the first time it is ran. The database would then check for that value
and if it did not exist the database would not run.

As a final note to you I would say that I would advise that you put
somethnig in that allows you access to the tables, as you could
possibly charge these organisations that you sell the database to for
support, new editons etc.

Nick

Dr. Edmund M. Hayes wrote:
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect them from giving it to anyone they feel like.

The program produces reports that are specific to a particular
organization but that does stop anyone from just modifying that report
to make it specific to another organization, who they might have given
it to.

Is there a way to convert the ms access file so that none of the
database structure or reports can be modified?

Complying it to an exe file would work but I have no idea how to do
that.

Lastly I am not talking big sales numbers here so I do not want to
spend $1000 bucks to protect something I might only make $800 bucks
on.

Thanks
Sep 26 '06 #2

P: n/a
You can't "comply" it to an EXE, but you can generate an MDE file from
it. This "complys" the code and puts a password protection on it.
However, it's fairly easy to break with the right tools.

If you want to make it secure, convert it to VB6. I believe VB6 will
allow you to import forms and such directly from Access.

You can also assume the people you sell it to aren't handy with crack
tools, so your best bet to keep it in Access is to convert to MDE and
create a serial number generator that writes to the registry. You can
then check the registry against the serial number entered and deny
access to the database if they don't match. I've done this before,
it's not too difficult if you know VBA well and it adds an extra
measure of security.

Dr. Edmund M. Hayes wrote:
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect them from giving it to anyone they feel like.

The program produces reports that are specific to a particular
organization but that does stop anyone from just modifying that report
to make it specific to another organization, who they might have given
it to.

Is there a way to convert the ms access file so that none of the
database structure or reports can be modified?

Complying it to an exe file would work but I have no idea how to do
that.

Lastly I am not talking big sales numbers here so I do not want to
spend $1000 bucks to protect something I might only make $800 bucks
on.

Thanks
Sep 26 '06 #3

P: n/a

"ManningFan" <ma********@gmail.comschreef in bericht news:11**********************@b28g2000cwb.googlegr oups.com...
You can't "comply" it to an EXE, but you can generate an MDE file from
it. This "complys" the code and puts a password protection on it.
However, it's fairly easy to break with the right tools.
Hmmm, this part of the info is not correct...

An mde creates *no password* on the code.
No password protection, thus no breaking-password-possibility
(cause there simply is no password)

But creating an mde would indeed be the simplest way to protect the design.
Also this prevents people from creating new reports or modifying existing ones.

Arno R

Sep 26 '06 #4

P: n/a
My bad, I was thinking of 2 different projects I was working on.

With an MDE you can enter "Design Mode" in Tables, Queries and Macros.
"Design Mode" on Reports, Forms and Modules is disabled, there is no
password. There is an MDE Unlocker I've seen, but it isn't very
reliable.

If you're going to go this route, MAKE SURE YOU BACKUP YOUR .MDB FILE!!
Once you convert to .MDE there's no going back, and if you need to
edit code later on you'll be screwed if you don't have an .MDB version
available.

Arno R wrote:
"ManningFan" <ma********@gmail.comschreef in bericht news:11**********************@b28g2000cwb.googlegr oups.com...
You can't "comply" it to an EXE, but you can generate an MDE file from
it. This "complys" the code and puts a password protection on it.
However, it's fairly easy to break with the right tools.

Hmmm, this part of the info is not correct...

An mde creates *no password* on the code.
No password protection, thus no breaking-password-possibility
(cause there simply is no password)

But creating an mde would indeed be the simplest way to protect the design.
Also this prevents people from creating new reports or modifying existing ones.

Arno R
Sep 26 '06 #5

P: n/a
RLN
>>so your best bet to keep it in Access is to convert to MDE and create
a serial number generator that writes to the registry. You can then
check the registry against the serial number entered and deny access to
the database if they don't match. I've done this before, it's not too
difficult if you know VBA well and it adds an extra
measure of security.<<

Interesting idea for security.
Do you have a code sample to share how you did this?
I have never written to or interrogated the registry from Access beofre
and would like to do this because we have an application we need to
secure.

Thanks.
*** Sent via Developersdex http://www.developersdex.com ***
Sep 26 '06 #6

P: n/a
Unfortunately this is one of my "bread & butter" pieces which gets sold
with most of my code, so I can't post it here.

I can tell you (to further bend your mind) that I can enable or disable
certain functionality in my programs based on the serial number I
supply to my customers. It's fairly easy to create a generator which
takes a serial (say, 52431) and performs a function on it (i.e.
multiply the first number x 1, 2nd number x 2, 3rd number x 3, etc...)
and check the result against a number. This way you can also assign
distinct serials to each customer since more than one combination will
achieve the same end result.

Google "registry write VBA", you should find something decent to get
you started. It took me about 40 computing hours to develop the code,
I wouldn't want to deprive anyone of the fun I had by just handing it
to them... :oP

RLN wrote:
>so your best bet to keep it in Access is to convert to MDE and create
a serial number generator that writes to the registry. You can then
check the registry against the serial number entered and deny access to
the database if they don't match. I've done this before, it's not too
difficult if you know VBA well and it adds an extra
measure of security.<<

Interesting idea for security.
Do you have a code sample to share how you did this?
I have never written to or interrogated the registry from Access beofre
and would like to do this because we have an application we need to
secure.

Thanks.
*** Sent via Developersdex http://www.developersdex.com ***
Sep 26 '06 #7

P: n/a
"ManningFan" <ma********@gmail.comwrote
If you want to make it secure, convert it to VB6.
I believe VB6 will allow you to import forms
and such directly from Access.
No, you cannot import "forms and such" directly from Access into VB6. The
object models are different, although they superficially appear similar.
Some VB code can be copied and pasted, but because the object models are
different, much will also have to be rewritten. VB6 isn't a good answer to
an Access security problem.

Larry Linson
Microsoft Access MVP
Sep 26 '06 #8

P: n/a
"Dr. Edmund M. Hayes" <ed@edhayes.comwrote
I wrote a access program that works well
enough that a handful of people would like
to buy it from me. My problem is that if I
sell it to someone there is no mechanism
that I know of to protect them from giving
it to anyone they feel like.
No, there is not, and none of the suggestions for security I see here can do
so. If you secure it, you'll have to give a password for access to the
purchaser, and the purchaser could pass on the database and the password to
someone else. So, no, you cannot prevent them giving it to someone to use.
The program produces reports that are
specific to a particular organization but
that does stop anyone from just modifying
that report to make it specific to another
organization, who they might have given
it to.
You can make it difficult or expensive for someone to change the design.
Is there a way to convert the ms access file
so that none of the database structure or
reports can be modified?
As has been suggested, compiling to "MDE" will prevent the Forms, Reports,
and Modules from being opened in Design View. As has also been said, this
isn't break-proof, either.
Complying it to an exe file would work but
I have no idea how to do that.
Access databases cannot be compiled to .EXE. But, even if they could, .EXEs
can be broken, too. No software security is absolute.

However, the combination of compiling to MDE and applying Access' user and
group-level security will provide a measure of protection. User and group
level security it "not for the faint of heart" -- it is still, as was said
by Roger Jennings, in his "Access 2.0 Developer's Guide", "labrynthine."
There is a security FAQ which you can reach via
http://support.microsoft.com/?id=207793. Just be aware, when I last printed
it, it was 39 single-spaced pages, and none of it was "filler."
Lastly I am not talking big sales numbers here
so I do not want to spend $1000 bucks to protect
something I might only make $800 bucks on.
Your very best protection is a combination of the MDE and Access' security,
and having your price reasonable to provide the software with customization
for the specific user organization.

Larry Linson
Microsoft Access MVP

Sep 26 '06 #9

P: n/a

Larry Linson wrote:
.....
However, the combination of compiling to MDE and applying Access' user and
group-level security will provide a measure of protection. User and group
level security it "not for the faint of heart" -- it is still, as was said
by Roger Jennings, in his "Access 2.0 Developer's Guide", "labrynthine."
There is a security FAQ which you can reach via
http://support.microsoft.com/?id=207793. Just be aware, when I last printed
it, it was 39 single-spaced pages, and none of it was "filler."
.....

No doubt!

I've been working on a security model for about 3 months, and still
don't have, what I feel, is an adequate solution. The security FAQ is a
must read, as mentioned, if you intend to distribute with any hope of
making your app hacker resistant. Hacker or Slacker (someone who just
hands out your candy) is not achievable in Access, but you can deter
the unambitious and common users via the built-in security and an .mde.
In fact, Access user-level security is more about protecting code and
derailing fat fingers than actually "protecting" sensitive data.

As for the serial number generator, don't forget to include a check sum
in the last one or two digits, depending on whether you use decimal or
hexadecimal values for the serialization. They really aren't that hard
to generate, but if you are a vendor for an enterprise-level hardware
provider who locks down their registries adequately, this whole thing
gets very tricky, even with properly apportioned API calls.

Sep 27 '06 #10

P: n/a

Larry Linson wrote:
....
However, the combination of compiling to MDE and applying Access' user and
group-level security will provide a measure of protection. User and group
level security it "not for the faint of heart" -- it is still, as was said
by Roger Jennings, in his "Access 2.0 Developer's Guide", "labrynthine."
There is a security FAQ which you can reach via
http://support.microsoft.com/?id=207793. Just be aware, when I last printed
it, it was 39 single-spaced pages, and none of it was "filler."
....

No doubt!
I've been working on a security model for about 3 months, and still
don't have, what I feel, is an adequate solution. The security FAQ is a

must read, as mentioned, if you intend to distribute with any hope of
making your app hacker resistant. Hacker or Slacker (someone who just
hands out your candy) proof is not achievable in Access, but you can
deter
the unambitious and common users via the built-in security/.mde model.
In fact, Access user-level security is more about protecting code and
derailing fat fingers than actually "protecting" sensitive data.
As for the serial number generator, don't forget to include a check sum

in the last one or two digits, depending on whether you use decimal or
hexadecimal values for the serialization. They really aren't that hard
to generate, but if you are a vendor for an enterprise-level hardware
provider who locks down their registries adequately, this whole thing
gets very tricky, even with properly apportioned API calls.

Sep 27 '06 #11

P: n/a
Dr. Edmund M. Hayes wrote:
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect them from giving it to anyone they feel like.

The program produces reports that are specific to a particular
organization but that does stop anyone from just modifying that report
to make it specific to another organization, who they might have given
it to.

Is there a way to convert the ms access file so that none of the
database structure or reports can be modified?

Complying it to an exe file would work but I have no idea how to do
that.

Lastly I am not talking big sales numbers here so I do not want to
spend $1000 bucks to protect something I might only make $800 bucks
on.
Every secured Access application that was worth the effort has been
broken and freely distributed around the world, for free use,
modification whatever.
No secured Access application has been broken and freely distributed
around the world.

Sep 27 '06 #12

P: n/a
"Jamey Shuemaker" <ca*********@yahoo.comwrote in
news:11********************@d34g2000cwd.googlegrou ps.com:
As for the serial number generator, don't forget to include a
check sum in the last one or two digits, depending on whether you
use decimal or hexadecimal values for the serialization. They
really aren't that hard to generate, but if you are a vendor for
an enterprise-level hardware provider who locks down their
registries adequately, this whole thing gets very tricky, even
with properly apportioned API calls.
And also make sure that you encrypt the MDE, because otherwise, all
constants will be readable with any file viewer (like Wordpad).

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
Sep 27 '06 #13

This discussion thread is closed

Replies have been disabled for this discussion.