Just Stumbled upon a MASSIVE security issue... Resolutions?

365 100+
It's me again... and I have a new problem.....

I am trying to make my holiday database as secure as possible and at the moment I am trying to lock out all startup options and whatnot to restrict access to the DB. (Using a Custom Logon System)

But it is possible to create a new DB (blank) and import the tables etc. from the Holiday DB and then do update queries etc. on the original with no authorisation...

So someone could potentially (quite easily) mess with the DB in any way they want and, most worrying.... delete everything!!!

Is there any way to lock this action out!?

I'm quite worried about this now that I have stumbled upon it, because if this is the case then my DB will not be a viable project and I will have wasted MANY HOURS of my FREE TIME doing it..

Please help...


Thanks Dan
Jan 21 '08 #1
Dököll
2,364 Expert 2GB
Hey Dan!

Sorry for your troubles, let's see how we can begin pinning it down. Please do stay tuned for other options from our friends here. In fact, I may refer you to a link specific to disabling special keys, and so on, for which I am proud to admit this forum has helped steer it in the right direction.

First off I think you're on the right track, your startup options will help keep it solid, you can even set up a password for your code to hinder user ability to see code.

(1) Keep a template of current database
(3) Hide your database under Window menu (Hide/Unhide option)
(2) Go under tools, options, uncheck hidden objects in the pop up

Hopefully you had already right-clicked on forms, tables, queries one by one,
and selected properties to check the hidden objects option (this enables hidden objects method to interact freely with Option 3 above)

(4) uncheck anything showing in startup, via tools, Startup
(5) You will want to figure out a way to undo all of the above so you can work with things, therefore holding down the Shift key as the database loads aids in viewing your hidden objects and so on

(6) Add a password to your special keys to demand that the user adds a password to enable certain special keys (There's probably a code here on how to do this part of it)...

Hope this helps get you going, nonetheless Dan...please stay tuned, and do find that link here for added support if needed:-)

Almost forgot, you can add a password to hide your VBA code:

A- right-click on any of your command buttons
B- scroll down to OnClick event procedure
C- fire those three little dots in box thingee
D- Go to tools, YourDatabaseName Log properties
E- Hit Protection tab
F- Check Lock project for viewing
G- Add a password

Save, that normal stuff and fire your forms and attempt to do A-C

Good luck with project, Dan, I can almost say I know what you're feeling:-)

In a bit!
Jan 21 '08 #2
Dan2kx
365 100+
It's the fact that the data stored in that database can be imported into another database and action queries can be done on the original that bothers me!!

I can lock down the database quite well apart from that.

Using the Access security features doesn't suit my needs (in terms of user functionality)...

Thanks Dan
Jan 22 '08 #3
jaxjagfan
254 Expert 100+
Management should be made aware of your concerns.

No matter how hard you try to lock an Access Database down - there's a savvy user that can do some research and find a way in. I was one of those savvy users at one point.

Sometimes the enduser needs more than he/she is given and tries to get to what they actually want on their own.

Sometimes the data owner will not give up access to the data the enduser needs and that prompts the enduser to try to get the info they need.

The Accounting Department here is notorious for asking for reports but not giving access to some of their data sources to make reporting easier.

If someone needs more info or other data elements, find out why and if it is a part of their business process.
Jan 22 '08 #4
NeoPa
32,556 Expert Mod 16PB
Dan,

Open your database (the one with the data in) and use Tools / Security / Set Database Password... to set a password for the database as a whole.
Anyone trying to link to any tables in your database will now need to know this password.

Let us know if this resolves your issues :)
Jan 23 '08 #5
Dan2kx
365 100+
No, that wouldn't work because everyone would need to know the password to use the DB,
which defeats the object really!!
Jan 23 '08 #6
NeoPa
32,556 Expert Mod 16PB
I wasn't aware you'd indicated in any way this is a standalone database. If I'd assumed that then you'd have reason for considering my response unintelligent.
Even so, I would consider setting it up as a FE / BE system and password protecting the Back-End database. The password is only required for the Front-End database when setting up the links.
Jan 23 '08 #7
sierra7
446 Expert 256MB
Developing the last suggestion, the BE can be in a hidden folder on the server, a couple of levels down.

If the front end is secure even a savvy user would have difficulty knowing where to look.

We do it to stop people walking off with the database on a pen-drive!

S7
Jan 23 '08 #8
Dan2kx
365 100+
Would it be easy to split my DB into a front end and a back end at this late stage??

I have lots of queries and VB code that might be quite specific...
Jan 23 '08 #9
sierra7
446 Expert 256MB
It's a doddle to use the Wizard.

On a big database there might be a performance hit if the network is slow.

However, splitting the db is a first step should you want to migrate the data to SQL Server or even MySQL. Either of these would also give you better security.

S7
Jan 23 '08 #10
Dan2kx
365 100+
What about all my VB queries and other VB bits? I would need to change them all to the backend DB, right??
Jan 23 '08 #11
NeoPa
32,556 Expert Mod 16PB
Pretty well only the tables need to be in the BE.
All the queries, VBA, forms, etc would remain in the FE.

Never get rid of the original until you're happy with the results though of course.
Jan 23 '08 #12
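
The relinking step described in posts #7 and #12, as an added example that is not code from any poster in this thread: once the tables live in a password-protected back end, a DAO routine in the front end rewrites each linked table's connect string so that users never type the back-end password. It assumes the front end already holds linked tables (for instance from the splitter wizard) and that the back-end password was set afterwards; `BE_PATH` and the procedure names are hypothetical.

```vba
Option Compare Database
Option Explicit

' Added example. BE_PATH is a hypothetical location, not one from the thread.
Private Const BE_PATH As String = "\\server\data\app\HolidayBE.mdb"

' True for a link to another Access (Jet) file: Connect is ";DATABASE=..."
' or "MS Access;...". Local and system tables have an empty Connect string.
Private Function IsAccessLink(ByVal tdf As DAO.TableDef) As Boolean
    IsAccessLink = InStr(1, tdf.Connect, ";DATABASE=", vbTextCompare) > 0 _
        And (Left$(tdf.Connect, 1) = ";" Or Left$(tdf.Connect, 9) = "MS Access")
End Function

' Point every existing Access link at the protected back end.
' Returns the number of tables relinked; raises the DAO error on failure.
Public Function RelinkBackEnd(ByVal strPath As String, ByVal strPwd As String) As Long
    Dim db As DAO.Database
    Dim tdf As DAO.TableDef
    Dim lngCount As Long

    Set db = CurrentDb
    For Each tdf In db.TableDefs
        If IsAccessLink(tdf) Then
            tdf.Connect = "MS Access;PWD=" & strPwd & ";DATABASE=" & strPath
            tdf.RefreshLink   ' fails here if the path or password is wrong
            lngCount = lngCount + 1
        End If
    Next tdf
    RelinkBackEnd = lngCount
End Function

' Run once by the developer after the back-end password has been set.
Public Sub RelinkPrompt()
    Dim strPwd As String
    strPwd = InputBox("Back-end database password:")
    If Len(strPwd) = 0 Then Exit Sub   ' cancelled

    On Error GoTo Failed
    MsgBox RelinkBackEnd(BE_PATH, strPwd) & " table(s) relinked."
    Exit Sub
Failed:
    MsgBox "Relink failed: " & Err.Description, vbExclamation
End Sub
```

Each linked table keeps its connect string, password included, inside the front-end file, so the front end still needs the startup and code-protection lockdown discussed earlier in the thread.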
Killer42
8,435 Expert 8TB
... Never get rid of the original until you're happy with the results though of course.
I'd go one further and say never get rid of the original. If you need to make a change down the track, better to start with the original, make your changes, then reapply the appropriate security.
Jan 24 '08 #13
