"Tom van Stiphout" <no*************@cox.netwrote in message
news:qj********************************@4ax.com...
On Sat, 12 Jul 2008 13:01:26 -0500, RLN <no*******@devdex.comwrote:
.. You may also want to know that workgroup security is
not available in the new ACCDB format available with A2007. So you
know what the trend is...
I have never used A2007. What do they do instead of workgroup security? Is
it easier/better/worse? 13  1541 
On Sat, 12 Jul 2008 20:46:11 +0100, "Deano" <de***@mailinator.com>
wrote:
It is non-existent.
-Tom.
>
"Tom van Stiphout" <no*************@cox.netwrote in message
news:qj********************************@4ax.com.. .
>On Sat, 12 Jul 2008 13:01:26 -0500, RLN <no*******@devdex.comwrote:
. You may also want to know that workgroup security is
>not available in the new ACCDB format available with A2007. So you
know what the trend is...
I have never used A2007. What do they do instead of workgroup security? Is
it easier/better/worse?
Tom van Stiphout <no*************@cox.netwrote in
news:5s********************************@4ax.com:
On Sat, 12 Jul 2008 20:46:11 +0100, "Deano" <de***@mailinator.com>
wrote:
It is non-existent.
-Tom.
And better!
"lyle fairfield" <ly******@yah00.cawrote
>It is non-existent.
-Tom.
And better!
Considering the ease with which Access workgroup / user level security could
be broken, having none is, at least, "not all that much worse". :-)
Tom van Stiphout <no*************@cox.netwrote in
news:5s********************************@4ax.com:
[re: security in A2K7:]
It is non-existent.
Well, there *is* a strengthened database password (though that's not
even close to being comparable to Jet ULS).
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
"Larry Linson" <bo*****@localhost.notwrote in
news:tybek.74$Cw5.65@trnddc01:
Considering the ease with which Access workgroup / user level
security could be broken, having none is, at least, "not all that
much worse". :-)
Well, except that it does give you a place to track users. I often
use a workgroup file and user logons without passwords just to keep
track of who is who, and what groups they belong to (for
enabling/disabling features). I don't secure anything, I just use it
for user control. And it's quite handy for that.
The only real alternative is Active Directory, which requires
elevated permissions to manage.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
On 13 Jul 2008 00:42:26 GMT, "David W. Fenton"
<XX*******@dfenton.com.invalidwrote:
I would not try to manage AD from your app, but rather simply use the
server's tools to manage it. Your app should only read role
membership.
-Tom.
>"Larry Linson" <bo*****@localhost.notwrote in
news:tybek.74$Cw5.65@trnddc01:
>Considering the ease with which Access workgroup / user level
security could be broken, having none is, at least, "not all that
much worse". :-)
Well, except that it does give you a place to track users. I often
use a workgroup file and user logons without passwords just to keep
track of who is who, and what groups they belong to (for
enabling/disabling features). I don't secure anything, I just use it
for user control. And it's quite handy for that.
The only real alternative is Active Directory, which requires
elevated permissions to manage.
"Tom van Stiphout" <no*************@cox.netwrote in message
news:5s********************************@4ax.com...
On Sat, 12 Jul 2008 20:46:11 +0100, "Deano" <de***@mailinator.com>
wrote:
It is non-existent.
-Tom.
Blimey, I guess you have to make your own solution. I can only presume they
gave a very good reason for this, even if workgroup security wasnt' that
great to begin with. It does seem like a major feature to drop.
Deano wrote:
"Tom van Stiphout" <no*************@cox.netwrote in message
news:5s********************************@4ax.com...
>On Sat, 12 Jul 2008 20:46:11 +0100, "Deano" <de***@mailinator.com>
wrote:
It is non-existent.
-Tom.
Blimey, I guess you have to make your own solution. I can only
presume they gave a very good reason for this, even if workgroup
security wasnt' that great to begin with. It does seem like a major
feature to drop.
If you just want to track users and provide "guidance" ULS was always way
more trouble that it was worth. Home-grown is a lot easier to put in place
and to maintain. The extra hassle of ULS was only worthwhile if the actual
"security" provided was real and it was not.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Rick Brandt wrote:
Deano wrote:
>>"Tom van Stiphout" <no*************@cox.netwrote in message
news:5s********************************@4ax.com. ..
>>>On Sat, 12 Jul 2008 20:46:11 +0100, "Deano" <de***@mailinator.com>
wrote:
It is non-existent.
-Tom.
Blimey, I guess you have to make your own solution. I can only
presume they gave a very good reason for this, even if workgroup
security wasnt' that great to begin with. It does seem like a major
feature to drop.
If you just want to track users and provide "guidance" ULS was always way
more trouble that it was worth. Home-grown is a lot easier to put in place
and to maintain. The extra hassle of ULS was only worthwhile if the actual
"security" provided was real and it was not.
I like/liked for the CurrentUser property.
Salad wrote:
I like/liked for the CurrentUser property.
But a simple table and the API to get the Windows login is just as good,
trivial to set up, and doesn't have to bother the user with logging into the
app.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Tom van Stiphout <no*************@cox.netwrote in
news:8q********************************@4ax.com:
I would not try to manage AD from your app, but rather simply use
the server's tools to manage it. Your app should only read role
membership.
But *somebody* has to manage it, and that means (in my world) that I
have to grant somebody at the client permissions on the server to
manage users (and group membership/organizational units, depending
on how the sysadmin has set things up).
While my clients like me a lot and are willing to trust me to do it
for them, I never do this kind of thing for them -- I just don't
like being the only one responsible for user management.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
"Rick Brandt" <ri*********@hotmail.comwrote in
news:L1****************@flpi149.ffdc.sbc.com:
If you just want to track users and provide "guidance" ULS was
always way more trouble that it was worth. Home-grown is a lot
easier to put in place and to maintain. The extra hassle of ULS
was only worthwhile if the actual "security" provided was real and
it was not.
I strongly disagree with this.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
"Rick Brandt" <ri*********@hotmail.comwrote in
news:HN******************@nlpi061.nbdc.sbc.com:
Salad wrote:
>I like/liked for the CurrentUser property.
But a simple table and the API to get the Windows login is just as
good, trivial to set up, and doesn't have to bother the user with
logging into the app.
My apps have users logging in, but the users don't know that. Their
ULS accounts have no passwords and their account names are the same
as their Windows logon, so the shortcut to launch the app uses the
appropriate environment variable to pass the user's logon to Jet
ULS.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: David McNab |
last post by:
Hi,
I'm writing a web app framework which stores pickles in client cookies.
The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
tampering with the cookie and malforming...
|
by: Bruno Desthuilliers |
last post by:
Hi everyone !
Could someone point me to infos about securing python for use as CGI or
mod_python for a shared hosting environnement ?
I searched google, but did not find anything specific :(
...
|
by: atl-jcd |
last post by:
Does anyone have a HTML or PDF copy of the old Al Stevens article:
"Passing the C++ Test: Securing success in an interview" from Dr. Dobbs
Journal
(I know I can get it from the DDJ site if I...
|
by: byrocat |
last post by:
I'm chasing after a documetn that was available on one of the Microsoft
websites that was titled somethign like "MS SQL Server Best Practices"
and detailed a nyumber of best practices about...
|
by: James |
last post by:
What's the best way of securing online databases and web services? At present I am using a database password, which of course is not hard-coded into the web service, but this means re-submitting it...
|
by: Susan Bricker |
last post by:
Greetings. I am looking for some advice on making a database secure.
By secure, I mean that I want only certain people to have write access
to the database and I want the updates to be permitted...
|
by: Wm. Scott Miller |
last post by:
Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice...
|
by: Mark Goosen |
last post by:
Hi ive installed wse 2.0 SP3 and was running throught the demo downlaoded on
the Securing the Username Token with WSE 2.0 page the Securing the Username
Token with WSE 2.0.
Im spose to change...
|
by: KJ |
last post by:
Hello All,
I have to secure my first real B2B web service. Could you please
provide some guidance as to which method of security I should use. One
caveat is that we will not be using SSL on the...
|
by: Les Desser |
last post by:
In article
<fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The
Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes
Not sure if I quite follow that.
1....
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
