Results 1 to 10 of 10
  1. #1
    Join Date
    Nov 2009
    Posts
    223

    Unanswered: Database Protection

    Hi,

    Previously, i wanted code to click a button which woudl back up the database.

    Now, I worry that one of my future staff might copy all the information in my database and pass it onto a competitor.

    Is there any way to protect the information and/or the format in my database? Maybe with a password protect? Maybe with some other software purchase? Obviously, this could be very important?

    Thanks for any information you may have?

    Paul
    What would you attempt to do if you knew you would not fail?

  2. #2
    Join Date
    Mar 2009
    Posts
    5,442
    Provided Answers: 14
    Converting it to a .mde file will forbid opening the objects in design mode (forms, reports, macro and modules: tables and queries are still available) and will remove the source code from all modules. WARNING: You cannot undo the conversion. Have a copy of the mdb file in a safe place before converting.

    You can also protect the database with a password that will be needed to open it.
    Have a nice day!

  3. #3
    Join Date
    Nov 2009
    Posts
    223
    Thanks for your comments, Sinndho.

    The situation I will have is that any employees will need to work on the database.

    What I would like to stop is the employees taking a full copy of the complete database (eg. maybe close the DB and just copy and paste from the hard drive? This woudl contain all details of the properties, owners, renters, contracts etc etc.

    It woudn't be my preference to trust the employees as this may ultimately lead to my business failing if competitors take away my clients?
    What would you attempt to do if you knew you would not fail?

  4. #4
    Join Date
    Mar 2009
    Posts
    5,442
    Provided Answers: 14
    When a database is converted to a .mde file, it can still be open and people can continue working with it. However the objects (forms, reports, modules) cannot be open in Design View (i.e. they cannot be modified).
    Have a nice day!

  5. #5
    Join Date
    Nov 2009
    Posts
    223
    ok, that sounds interesting.

    So, let's presume the employees can work during the day with a .mde file and input all the happenings/transactions of that day.

    What would I do with the .mde file at the end of each day? Is that convertible back to a .mdb file?

    is it possible for the employee to take a copy (say on a flash memory) of the .mde file and pass on the information/details contained inthat file?
    What would you attempt to do if you knew you would not fail?

  6. #6
    Join Date
    Mar 2009
    Posts
    5,442
    Provided Answers: 14
    No, it's not possible to revert a .mde file to a .mdb.

    Before anything else, the application should be split according to the classical Front-end/Back-end schema. The back-end contains only the data (tables) while the front-end contains everything else (forms, queries, reports, etc.). The back-end is kept as a .mdb file and is shared among all users, while the front-end is converted to a .mde. Each user receives its own copy of the front-end and each copy is linked to the back-end.

    You can split the application manually or you can use the tool Access provides for this purpose. see: http://www.dbforums.com/microsoft-ac...-question.html.
    Have a nice day!

  7. #7
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    securing an Access db is not a trivial process, securing the data inside that db is arguably nearly impossible, certainly its impossible using Access only

    do yourself a favour and read up on workgroups security within Access. as ever if you do make changes to wrokgroup security make certain you back up the db before making any changes just in case

    you can tie down Access db's reasonably effectively if you use network / OS policies as well, such as not allowing users to access removable storage (floppy, USB's, writeable CD/DVD's.

    you can hide data by restriciting access to the data to sepcified users / usergroups.
    but the reality is that if you have truly sensitive information then almost by defintion you shouldn't have it stored in an Access / JET database
    I'd rather be riding on the Tiger 800 or the Norton

  8. #8
    Join Date
    Nov 2009
    Posts
    223
    Thanks for your views, guys.

    So, it seems that securing an Access database is not an easy task, and the data could be copied by someone with a little bit of technical knowledge?

    I created Access because I wanted a cheap and easy way to customise my own company database. I have, with help from this webiste, successfully created 75% of what I require.

    But if the data is not secure then maybe, in the future, I will need to think about having the overall schematics copied and produced by a 'professional' database which is more secure?

    Please does anybody have any suggestions on which road I may have to travel in the future?
    What would you attempt to do if you knew you would not fail?

  9. #9
    Join Date
    Mar 2009
    Posts
    5,442
    Provided Answers: 14
    Your investment in Access would not necessary be lost if you would decide to store the data on a more robust system (SQL Server, MySQL, etc.). With a minimum of required adaptations the front-end can remain almost the same, whatever the back-end becomes.
    Have a nice day!

  10. #10
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    it depends onm what you are trying to secure, and how much value there is in the db / data
    you can ttie an Access / JET MDB down so its reasonably secure (ie secure against the casual user, but it won't be secure against an experienced attacker), but virtually no db is secure against a truly determined attacker who as access to the db / data from within your organsiation.

    if you are planning on selling the data / db to an outside organisation then Access / JET can be a serious issue as there is very little you can do to truly secure the db outside your own network.

    that doens't mean Access / JET isn't a usefull format, just that you really shouldnt' be trusting critical commercially sensitive data to Access.

    there are things you can do, ferinstance you could encrypt the data inside the DB, and pay the performance penalty to decrypt on each access (it deos mean you need to think carefully anout what you want indexed 9 which will need to be in cleartext and what is sensitive and needs to be in cyphertext. eg looking at a customers contact details, you'd probably want the customer name and company name in plain text, and mask the address, email, phone number and so on. forget what its called but Windows ships with a reasonably robust encryption decryption library.
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •