Results 1 to 7 of 7
  1. #1
    Join Date
    Nov 2002
    Location
    VA
    Posts
    24

    Unanswered: To to Secure my Database

    Hi everyone,

    Hope everyone is fine.

    I was wondering if anyone knows how to protect Access Database if someone knows how to bypass the login screen by a technique that most of you guys might know.

    I have a program startup on their Login screen, userid and password is needed to open the appropriate form for each user. if it is incorrect, the database closes. What if an Access Programmers know how to bypass the startup screen and looks into the table where they can edit information directly to the table. How do I protect that?

    Currently, when I need to edit my table or forget a password to the users, I use a shortcut to go directly to the table. If I know the shortcut, I don't want any other user knowing it because they can edit some of the information directly. If someone knows wht I'm talking about, can you help me in protecting user from editing my table .

    thanks for the help in advance.

    sopheap

  2. #2
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    access' permissions can define users (groups) and what rights they have for each form/query/table etc in your app.

    start your research with the keyword "permission" in access help.

    two recommendations:
    -make your own backup of the unsecured app before starting and verify that the backup works! i know access is supposed to do this for you automatically but...
    -when you have finished, install your app on a different machine and verify that it _is_ secured: it is possible to have an app behave securely on your development machine and be wide open when deployed to users.


    izy

  3. #3
    Join Date
    Aug 2002
    Location
    Charlotte NC
    Posts
    665
    Unfortunatly the documentation on security for access (atleast access 97 and 2000) is hit or miss most of the time. My recomendation is to go threw the user level security wizard one step at a time to make sure that you understand it. The key is the security file. you must actualy double klick on the security file to launch the app, i want to say the mde file but i dont think thats the extention. Maybe someone else can post the extention of the security file.
    Jim

  4. #4
    Join Date
    Nov 2002
    Location
    VA
    Posts
    24
    Thanks for the respond, I think I'm looking into Allowbypasskey. So far I have this code. I have the issue of what do I do If I'm the administrator and I use the by passkey to look into the table. code down below won't allow the bypasskey so I won't be able to look at the table or modified my code. What happen if my database got corrupted and I want to import my tables and forms, etc..., without bypass key, I won't be able to have access to the codes and table. hope u guys understand.

    Sub SetStartupProperties()
    Const DB_Text As Long = 10
    Const DB_Boolean As Long = 1


    ChangeProperty "StartupForm", DB_Text, "login"
    ChangeProperty "StartupShowStatusBar", DB_Boolean, false
    ChangeProperty "AllowBuiltinToolbars", DB_Boolean, false
    ChangeProperty "AllowFullMenus", DB_Boolean, false
    ChangeProperty "AllowBreakIntoCode", DB_Boolean, false ChangeProperty "AllowSpecialKeys", DB_Boolean, false
    ChangeProperty "AllowBypassKey", DB_Boolean, false

    End Sub

    Function ChangeProperty(strPropName As String, varPropType As Variant, varPropValue As Variant) As Integer
    Dim dbs As Object, prp As Variant
    Const conPropNotFoundError = 3270

    Set dbs = CurrentDb
    On Error GoTo Change_Err
    dbs.Properties(strPropName) = varPropValue
    ChangeProperty = True

    Change_Bye:
    Exit Function

    Change_Err:
    If Err = conPropNotFoundError Then ' Property not found.
    Set prp = dbs.CreateProperty(strPropName, _
    varPropType, varPropValue)
    dbs.Properties.Append prp
    Resume Next
    Else
    ' Unknown error.
    ChangeProperty = False
    Resume Change_Bye
    End If
    End Function


















    Originally posted by izyrider
    access' permissions can define users (groups) and what rights they have for each form/query/table etc in your app.

    start your research with the keyword "permission" in access help.

    two recommendations:
    -make your own backup of the unsecured app before starting and verify that the backup works! i know access is supposed to do this for you automatically but...
    -when you have finished, install your app on a different machine and verify that it _is_ secured: it is possible to have an app behave securely on your development machine and be wide open when deployed to users.


    izy

  5. #5
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    i'm not convinced that disabling the database window will do the job: most folk who know enough to be able to expose the database window also know enough to link to external data from a new db to get at your tables.

    izy

  6. #6
    Join Date
    May 2002
    Location
    Ohio
    Posts
    7
    I like the idea of the security wizard. The most data I had found for security was in the "Peter Norton's Guide to Access97 Programing". Still leaves somethings to conclusion but think "KISS" kept it simple....
    MAKE SURE YOU BACKUP THE UNSECURE DB BEFORE YOU START PLAYING WITH THE SECURITY.
    In my case, the DB was getting to large with data and code. I split the data out and kept tables with the code that was only used by the code. Not the data used/modified by the user's - thier data tables were in a seperate .mdb and linked to the main program with the querys, form, etc and all the code. The security needed was to protect the code and direct entry. I created and joined the secure wrkgrp using "Wrkgadm.exe". Write down and kept a safe copy of the details you enter for the secure workgroup and the users. If you ever cash the DB or sercuity ".mdw" file you need to use the same data again. Then you run the security wizard while joined to the secure wrkgrp and logged in with the name that you will use. The wizard will tag your ID to the owership of all the files if you split the DB you will need to do the same for both sides. I did not require a standard user to log on since the data was not that secure. So I set the permissions up that myself and one other had full rights and we were the admins. The other users could use the system defaults system.mdw and would start as the admin user. Admin as a user had only the rights to use the DB and no right to modify tables, forms, querys, code and the like. MAKE SURE YOU BACKUP THE UNSECURE DB BEFORE YOU START PLAYING WITH THE SECURITY. I had to play around with the differance of how the permissions handled thing before I was happy as to what a standard user could or could not do. Now I have a shortcut that starts access with path to the DB with my login, pwd and wrkgrp. As I said before the standard users can just dbl click the db or start access and select the db to use BUT they can't do much since it is not allowed. Your going to make mistakes in the begining while you check and test what you want the users to do. Use your backup and start over when ever you get yourself locked out.
    Hope this has helped. Hard to give details when there are unknown variables.

  7. #7
    Join Date
    Nov 2002
    Location
    VA
    Posts
    24
    Thanks for the respond to all. They were all good ideas and I will take them into consideration. thanks for the help again

    sopheapteng

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •