We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
10  1348 
sparks wrote:
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Find out who made the change and get them to fix it.
A blowtorch and a pair of pliers?
"sparks" <sp****@comcast.netwrote in message
news:64********************************@4ax.com...
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Restore it from your most recent backup? The only way you'll stop someone
from dabbling with your app is to secure it, either using Windows file
permissions or Access user-level security or a mixture of both.
Keith. www.keithwilby.com
^^@Keith,
Thats not entirely true - you can also use cryptography on the fields
if you wish (although it is a lot of work), and there are other ways
of introducing security into db if you need to go down that path.
My point is simply that the IT guy has acted inappropriately and
possibly thoughtlessly. Access security isnt really secure, and if you
really want to make something secure then you need to do a risk
assessment to determine an appropriate level of security to implement.
Its not that hard, it just takes a little forethought and planning,
which is apparently what your IT guy failed to do.
I would certainly take Keiths advice and get hold of an old backup. I
would also want to have a suitable backup mechanism built into the
application itself and not have to rely solely on the IT guy to handle
this given the current situation. It is possible to make
cryptographically secure backups too. It all depends on if you need
all that stuff. Maybe the IT guy was just playing.
Cheers
The Frog
Keith Wilby wrote:
"sparks" <sp****@comcast.netwrote in message
news:64********************************@4ax.com...
We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
Restore it from your most recent backup? The only way you'll stop someone
from dabbling with your app is to secure it, either using Windows file
permissions or Access user-level security or a mixture of both.
Keith.
www.keithwilby.com
"The Frog" <Mr************@googlemail.comwrote
A blowtorch and a pair of pliers?
Overkill. The quote may be apocryphal, or it may have been said by someone
else _about_ LBJ, "When you got 'em by the b***s, their hearts and minds
will follow."
That said, I've been in the business a long time, and never encountered an
IT person who would secure an application from its owner/users unless
directed to do so by management or unless the IT person thought there was an
emergency that made it a _compelling need_ to do so*. It is certainly
something that you ought to take up with IT, or, even better, that your
manager ought to take up with a corresponding-level manager in IT.
* that's not to say that there isn't such a person, somewhere, but
I've worked with some pretty ditsy ones over the years and
haven't encountered any
Larry Linson
Microsoft Office Access MVP
I had the pleasure of working with one once. It was someone in a
security firm who made the decision that he was going to 'secure'
everything and the business be damned. Unfortunately for him he didnt
make any backups or even export the cryptographic keys and credentials
before 'activating' his master work, and of course you cant actually
make yourself a log-in if your credentials are stored in an encrypted
system and you need them to get into that very system.....
Then there was the second attempt by this 'expert' to create a 'safe'
operating environment for 'his users' where he established each user
account as a guest account - including the administrator. Lovely stuff
and I am really glad that I am not entirely sure how he managed this
master stroke.
The final stretch of genious that I saw from this very special
'expert' was when he finally decided, after threat of being fired, to
run regular backups on the servers, and to have the backups stored off-
site. Pretty reasonable one might think. Enter the last stroke of
genious, the backups were stored on cryptographicly secured drives on
a RAID array, which were swapped out as needed. Not my preferred
choice, but it could work, except that when the servers did crash it
does help to have the appropriate cryptographic certificates to be
able to read ones drives again doesnt it?
I am not entirely sure what became of this man, however I am quite
aware that he managed to destroy a company by his incompetence. I am
sure he meant well, he was just an idiot who didnt think about the
consequences of his actions. I do believe that there exists a group of
perople that are willing to experiment with other peoples toys not
knowing really what they are doing. I do hope in this case that the
OP's IT person acted with good reason and cause, and has the common
sense to handle things appropriately. However, when I see actions such
as this I cant help but feel that 'fiddling' has taken place - and
probably shouldn't have - just the same.
I cant imagine a reason that someone would encrypt a database without
telling the 'owner' if it was a risk when the database in this case is
a file that can be placed onto a DVD or tape or mobile HD, USB key or
whatever and temporarily removed from the 'offending' system entirely.
Safer, easier, and not problem to then later do a proper risk
assessment and implementation of appropriate security measures. I am
afraid that the actions of the IT person in question will always seem
either a deliberate dogs act or one of ignorance that shouldn't have
been acted on.
Just my 2 cents
The Frog
Well we are caught between a rock and a hard place.
First IT denies everything.. I asked who created this file.
WE DONT KNOW.
then we check the person who owns the file, I am assuming as soon as
she logged in she took ownership..Its the girl doing the data entry.
How did you log in, what username and password...
I JUST HIT RETURN RETURN and it opened.
That is what she told the IT department.
IT then said maybe it just appeared... I said no, someone had to
create it.
now someone had to go into security and set it up..It looks like you
can do it with no username and password on the security, at least that
is what they are saying. They have the whole directory copied into
some secure server for now and no one can see it.
On Thu, 28 Aug 2008 18:55:21 GMT, sparks <sp****@comcast.netwrote:
>We have a database with NO security on a network drive.
Seems that some IT person went in and created a security.mdw
Now no one can log into the database.
Is there a way to get rid of this and get the database back to a
normal shared database?
sparks wrote:
Well we are caught between a rock and a hard place.
First IT denies everything.. I asked who created this file.
WE DONT KNOW.
then we check the person who owns the file, I am assuming as soon as
she logged in she took ownership..Its the girl doing the data entry.
How did you log in, what username and password...
I JUST HIT RETURN RETURN and it opened.
That is what she told the IT department.
IT then said maybe it just appeared... I said no, someone had to
create it.
now someone had to go into security and set it up..It looks like you
can do it with no username and password on the security, at least that
is what they are saying. They have the whole directory copied into
some secure server for now and no one can see it.
Security cannot be done by accident. If some people (even one) can open the
file without providing a username and password then the file is not secured.
The mere presence of a security.mdw file means nothing at all. A user will
not utilize an MDW file unless they go out of their way to do so.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Hi Sparks,
Dont take the file ownership thing as an absolute in this case either
- it is something that can be taken by someone and depending on the OS
also given to someone.
My suggestion is to not hit the panic button just yet. Can you get in
to the application and work with it? Can you see the data in the
tables? If you can the first thing I would do is to get a dump of the
database completely, everything. If you need help with that just drop
us a note here and I am sure some of us will be able to get you moving
in the right direction.
Rule #1: Make a backup of your data - make it safe - make it
regularly.
Cheers
The Frog
"The Frog" <Mr************@googlemail.comwrote
I am not entirely sure what became of this man,
however I am quite aware that he managed to
destroy a company by his incompetence. I am
sure he meant well, he was just an idiot who
didnt think about the consequences of his actions.
It's possible that he got a starring role in the training video "Adjusting
attitude with the common 2X4." This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Sarah Tanembaum |
last post by:
I was wondering if it is possible to create a secure database system
using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web
scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
|
by: Fran Tirimo |
last post by:
I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company...
|
by: Nascimento, Daniel |
last post by:
i tried to create a conecction to a database MSAccess 2002 with Microsoft JET
4.0 OLE Provider but it gives me the error:
'Teste connection failed because of an error in initializating provider....
|
by: Nicolae Fieraru |
last post by:
Hi All,
I am working on a web site in asp which will be hosted on a Windows 2003
server.
I use the following code to connect to the database:
Set objConn =...
|
by: kai |
last post by:
Hi, All
I try to block some one import my Access database tables using Access
database.
I used password protection, but if some one crack through my password, are
there any other methods to...
|
by: lappy |
last post by:
Hello, I have written a small programme to compact an access 97
database.
Dim je As New JRO.JetEngine
' Compacts database Data.Mdb to Data2.mdb.
je.CompactDatabase...
|
by: Ant |
last post by:
I am trying to apply security to a database I have just finished. The
application is split into a back end of tables and a front end of forms etc.
I need some users to have access to forms based on...
|
by: clusardi2k |
last post by:
Hello again,
I have to go home and read up on Access.
But, I have read else-where in this newsgroup that I can just save the
password in the database under scrutiny.
Wouldn't it be wasteful...
|
by: jason |
last post by:
I've been playing around with new (for 2.0) membershp functionality.
I was able to build a simple login form that secures a directory on a
project I built locally on my development desktop.
...
|
by: Ted |
last post by:
I am construvcting a number of databases, some of which contain
sensitive data and most of which do not. I am attempting to handle the
security issues involved in protecting sensitive data in part...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
