Results 1 to 7 of 7

Thread: Steal mdb-file?

  1. #1
    Join Date
    Apr 2002
    Location
    Thailand
    Posts
    81

    Unanswered: Steal mdb-file?

    My boss don´t like the idé of someone simply bringing a portable CD-burner, or something, and stealing the entire database.

    Anyone know any good ways of looking files in WinXP filesystem or something similar to prevent this?

    Jo´

    The customer database is extemely valuable to companies...Remember that when negotiating your pay...

  2. #2
    Join Date
    Apr 2002
    Location
    Germany
    Posts
    228
    Access is a File based database thus needs read right (and complains without write rights although it's not actually needed) to the db file. That enables everyone with access to (parts) of the database to just copy the file from the server. You can however encrypt the database file making it a lot harder than just to copy the file to get to the data if you have properly set your user permissions. Read more about that in another thread http://dbforums.com/t346608.html and your Access documentation. I don't know in particular what Access is using for the encryption but it should at least keep people from "just copying the database" to a CD-R. If you need a more secure system you will have to think about getting one of the "big" DBMS which will keep the actual database file locked away from the users plus the possiblity to apply strong encryption on it rendering it virtually impossible to decipher the data without knowing the key.

  3. #3
    Join Date
    Apr 2002
    Location
    Thailand
    Posts
    81
    Problem with user rights is that the most likely theifs are the users. So locking out everyone but the users, who need acces to be able to work, is useless. Also Ive seen a lot of "password recovery" tools etc around. When they quit their job, they can take the entire company customer register to their new employer...

    This encyption stuff any help there?

    Will using SQL help me you think? Ok they can get the interface, but the data will be harder to get...

    Johan
    Last edited by Johnny Dove; 05-02-02 at 06:01.

  4. #4
    Join Date
    Apr 2002
    Location
    Germany
    Posts
    228
    Well, if your users have the rights to view the data they have the possibilty to copy it. Even if they'd have to go that far making a photo of the screen. But encrytpting the database will prevent the easy move of just copying the whole db from the server and taking it home and reading out stuff you don't have the rights to see. A server DBMS will prevent copying the db file completely making it a harder to get to the data you have the rights to view although it won't prevent it. I don't think Access encryption is good enough to withstand serious cryptographic analysis but you can't just read it out with a file editor. When using a db server you could also think of logging access to special sensitive data providing access via stored procedures and hide the tables underneath preventing mass queries of data.

    Michael

  5. #5
    Join Date
    Apr 2002
    Posts
    44
    best bet is something along the lines of what I am working on right now...I need to prevent users from screwing up the database file, so I am basically hiding it.

    If you create a front-end/back-end database file. The front-end of course contains no data. Then the user connects to files on the back-end.

    However, you obfuscate the filename and directory path, but set up the access to the file in the linked Table manager.

    Then setting NTFS permissions, you turn OFF the List and Execute permission for all of the directories in the path "hiding" your back-end data file.

    Then the only thing left to do is, sufficiently lock down the front end file (disable the SHIFT key, etc) so that users cannot get to the linked table manager and see the path to the file.


    What has this accomplished? Well the users still have read (and write permission if necessary) to the data file. However, without knowing the exact path to get to the file, the users cannot perform any file operations directly on the file itself.

    It isn't Fort Knox security, but it is a LOT better than just handing the data to them....probably the best you can get without using a true database server...

  6. #6
    Join Date
    May 2002
    Location
    Long Island , New York
    Posts
    3
    IN the midst of this now with a client; one part of the solution are computers without floppy disks or burnable CD's - you can also turn off the menus and the table/query/report window , and let them play with a MDE so they can't mess with the code -

  7. #7
    Join Date
    Apr 2002
    Posts
    44
    don't get to feeling too "safe" just because the computers don't have a floppy or a burnable cd...they are networked...they probably have e-mail, if you can get your hands on the data, it is as good as gone...

    another way to protect data pretty well using Access only, is to use a web front-end for it. The web server offers another level of protection and obscurity.

    Of course, you could also set up MSDE and run that on the server...it is basically a free low-powered SQL server...it would require rewriting the DB a little bit, but there is no longer a "file" sitting out there for someone to grab....now they have to figure out how to export a database...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •