Using Access 2003 ADE with SQL Server (various flavors)
Our Access ADE is locked down, so that users have to enter via the usual username/password route...
No-one can see the project window (database tables, queries, etc) and all updating is done through forms.
BUT>>>>
If a user loads up Excel, he can go Data -> Import External Data -> Import Data, whereupon all our backend tables, etc pop alarmingly into view!!! Aaaaargh
Other developers must have come across this 'feature', so if you have any suggestions as to plugging the leak I would be very pleased to hear them.
The only idea so far is to remove the Get External Data option from Excel
TIA
Steve
7 1452 NeoPa 32,556
Expert Mod 16PB
You can set the security on SQL server so that only an Application can see the tables. This would mean you'd have to use Application security in SQL Server which I only know of indirectly (never used it myself).
I'm lucky in a way - my users couldn't pick their own nose without assistance, so my security doesn't have to be all that much.
Hi NeoPa
You can set the security on SQL server so that only an Application can see the tables. This would mean you'd have to use Application security in SQL Server which I only know of indirectly (never used it myself).
I'm lucky in a way - my users couldn't pick their own nose without assistance, so my security doesn't have to be all that much.
I'm not sure that using Application level security will work, as Excel is using the ADE security, but I will certainly check it out.
Currently thinking about the folowing:- - set up the ADE with a connection through a user with VERY restricted access permissions to SQL
- on loading the login form, set up a connection via a high security user.....
Dunno if it'll work yet;-)
Thanks again
Steve
NeoPa 32,556
Expert Mod 16PB
Not a problem Steve.
You would have to use SQL Server security then - rather than linked Domain security (I can't think of the proper name for that but it depends on your Domain logon).
Hi NeoPa
You may be interested in the route we have taken... - Create a project custom property to hold the (encrypted) connection string;
- In VBA code, ensure that Persist Security info is turned OFF;
- Make sure sure that all Windows users have no rights to access SQL Server (ie, they won't be able to use a Trusted Connection);
- When the ADE starts, we look up the required connection info from the custom property, connect to SQL Server using the required access permissions, then remove the Persist Security setting (the project loses the password);
- At this point we have our required connection and no-one else can access the backend via our ADE, unless they know the admin logon & password).
That's basically it!
We've done basic testing & it seems to work....
Steve
NeoPa 32,556
Expert Mod 16PB
Nice one Steve.
I'm glad you got there - I don't think I could have taken you that far.
NeoPa
Do I get extra Brownie points for obscurity???
PS Merry Xmas to all you experts
Steve
NeoPa 32,556
Expert Mod 16PB
NeoPa
Do I get extra Brownie points for obscurity???
PS Merry Xmas to all you experts
Steve
Absolutely, but I'm afraid your post-count stays the same :(.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Chung Leong |
last post by:
Building web sites with PHP is easy. Building secured web sites--in any
language--is hard. The end result is many PHP sites with security issues. I
thought therefore it would be a good idea to put...
|
by: grahamd |
last post by:
Who are the appropriate people to report security problems to
in respect of a module included with the Python distribution?
I don't feel it appropriate to be reporting it on general mailing
lists.
|
by: WhenAmIOn.com |
last post by:
Hi all,
I developed a web site that uses javascript and XMLHTTP to dynamically load
info on the page from the server without having to re-load the page.
Recently I've received complaints of it...
|
by: Pascal Vyncke |
last post by:
Hi,
I discovered a NEW security hole / exploit in IE6 with SP2 and all the
latest security patches.
Overview of the exploit:
* Bug for all Microsoft Internet Explorer users
* Can be...
|
by: comp.lang.php |
last post by:
On one of my sites, I have a TCL CGI script that has a security hole
in spite of it having effective server-side validation (the fact that
it's CGI IS its security hole). The front end is a PHP...
|
by: Mike MacSween |
last post by:
Further to 'Security - more complex than I thought'
Has anybody ever seen any studies? Or anecdotal evidence? Done any studies
themselves? Done any lab testing - you know - 10 users asked to get...
|
by: Patrick Olurotimi Ige |
last post by:
Huge security hole in .NET: Java creator
http://www.zdnet.com.au/news/security/0,2000061744,39179932,00.htm
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate...
|
by: Blair P. Houghton |
last post by:
I'm just learning Python, so bear with.
I was messing around with the webbrowser module and decided it was
pretty cool to have the browser open a URL from within a python script,
so I wrote a...
|
by: Chuck |
last post by:
Hello,
Does Dotnet 2.0 Framework still have the security hole that Dotnet 1.1
Framework had regarding HTTP-Post method for web services?
TIA
|
by: =?iso-8859-1?B?QW5kcuk=?= |
last post by:
A security hole has been uncovered in Crunchy (version 0.9.1.1 and
earlier).
Anyone using Crunchy to browse web tutorials should only visit sites
that are trustworthy.
We are working hard at...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |