Hi guys, I need some advice as to what would be the best security approach to take when deploying an Access application.
I'm about to distribute an application that I have been working on for the past year and half, and I just can't decide if to distribute it as an MDE or MDB.
I know that if distributed as an MDE, basically no one can make any changes to the code, forms, reports, etc. but if I understand correctly there is no way to update forms, reports, etc in case there is a bug found.
On the other hand, if distributed as MDB and protecting it by setting up Administrator password, I do have the update option available but, there is a big chance someone cracking the password and therefore having access to everything.
Now, I am not worried about the end user, but I do worry about some one out there with enough Access experience that may take advantage of it.
I have gone through the process of protecting my investment with Copy Right, but still have not decided which way to go.
I’m leaning towards MDB distribution and take that chance in order to have the ability to update/patch just in case.
In short do both
deploy the application (& data) to the user desktops by using MDE's, remembering to keep a master copy of the original as a MDB
deploy sedcurity within the application using workgroup security, remembering to retain all rights to administrator, remove all rights from user "ADMIN", or make user "ADMIN" the lowest form of user life in your application. The real pain in the .... with access workgroups is if your network goes down, or there's a problem with the directory where the workgroup file is located dissappeears then Access automaitcally creates a new workgroup file on a local drive. So you also need to force the users to use a specified workgroup, offhand i think its /w<filename> on a desktop shortcut.
Word of warning if you are just starting off on the deployment of security take plenty of backups, and be prepared to loose many hours of sleep / time etc as things go wrong. The security model in access is very effective but its easy to screw it up. I would also not be tempted to micromanage security, unless you arew working on a tremendously complex application (if so you're almost certainly using a client server model rather than JET's file server modeland you'll be using the server security (won't you?)) then allocate users to groups, and permsisions to groups.
If in doubt buy some decent books - I've always found the Access Developers Handbooks by Gertz, Litwin & Gilbert published by Sybex worthwhile. No I'm not on commission (wish I was)