By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,490 Members | 897 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,490 IT Pros & Developers. It's quick & easy.

Back End DB security doubt

P: 47
HI:
I have designed an MSAccess 2010 DB to handle Mainteniance Work Orders , it has tables like WorkOrder, employees, equipment,department to load mainteniance help request,there are like "customers" who ask for help and "suppliers" ( mainteniance personel that supply the help) , using VBA the app checks the ENVIRON("UserName")and based on this UserName and through VBA ,forms and fields are enable/ disable, visible /invisibe depeding on user job position and privileges, I use a Back End DB where tables are located and a Front End DB where queries, forms reports and VBA code are stored, also I save the front end as .accdr that is a run time version of the app so people can't see the code behind , at this point every thing is fine, but in order to allow all user to read / write to the Back End DB I needed to gave them read/ write permisions in the Back End folder, and ultimatelly if they discover where the back end is located they can get in and mess with the data tables, this is not a supercritical data , but I'm worried that being willing or not somebody can go in and mess up the data, so I wondering if there is a way to set a password for the Back End and then using code in Front End log In so in case they want to open Back end without using the front end log in they can't access

thanks for all your help
Jun 13 '12 #1
Share this Question
Share on Google+
1 Reply


100+
P: 365
Hi, i will share with you some of the things i do with my back end databases, you might find them useful you may not...
  1. Save the database in a hidden shared folder (using a $ after the share name means it cannot be found unless you know what it is)
  2. Write an autoexec macro/startup form that runs a docmd.quit unless you have set a command line flag (i'll let you google that if you dont know of it, but essentially, you create a shortcut with /cmd "letmeinplease" or whatever you want and unless this is supplied the database wil quit, and of course only you will know what it is
  3. Make all the tables in the database hidden, so that they cannot be imported into a new database (unless you unhide them)
I'm sure there are better methods, but i found using a database password too frustrating, you have to code the password into an ODBC connection or something, i cant quite remember, havent looked at that in years.

Good luck
Jun 15 '12 #2

Post your reply

Sign in to post your reply or Sign up for a free account.