I have an Access 2007 application running on a terminal server. One of
the features of the app is a wizard that allows them to create an
Excel spreadsheet by querying the Access data. When they create the
Excel spreadsheet, they have to be able to browse their folders to
choose the file location the spreadsheet will be saved to.
My concern is that when they are browsing for folder locations, they
have the ability to browse to and open other files, including the back-
end database for my application. I've set up my back-end to kick
unqualified users out upon login (using Access User Level Security),
and I've set the terminal server environment so that my app is the
initial program run and so it shuts down when my app is closed. Users
have no access to the server desktop or start bar. But the file
browsing provides a hole in my security. I'm wondering whether there's
a way to allow the user to browse to file locations while preventing
them from actually opening files.
?