Re: How can I stop people have access to my MS Access Tables and Queries via Import?

Hi Larry
My objective is to prevent an average user from being able to gain
access to my tables. I use SageKey installer scripts to install all
the Access runtime files, but was suprised to find that a user with MS
Office could use Access to extract the data tables from my
application. I have discovered that whether I encrypt the database or
hide my tables any user with Access has Admin rights and can gain
access.

The things which I need to know in principle before studying the
subject in detail is:
1. Can a MDW file be applied to a specific MDB file without applying
to all the other MDB files on the target PC, [from other discussions
on this group it is far from being clear]?
2. Can I password only the Admin leaving the Users with Full data
rights without having to login?
3.If I do manage to do 1) and 2) above can a user delete the MDW file
to gain access to my database or will the database cease to function?
Regards
--
Carriolan

caOn Sat, 10 Dec 2005 17:53:56 GMT, "Larry Linson"
<bouncer@xxxxxxxxxxxxx> wrote:

>How much is the data in your tables worth? Workable "cracks" for Access can
>be purchased for around US$150 -- if the price has not gone up or down in
>the past year or so.
>
>It is possible to associate a workgroup file, but it is also possible that
>the user might "join" that file, so that it is used no matter what Access
>database they try to open.
>
>The way you require a password is to put a password on the Admin account.
>Once that is done, every user requires a password. If I recall correctly,
>you can distribute a copy of your application with the user rights assigned
>to the Users group, and all users removed from Admins... so the security
>applies, but they do not have to log in. (But, I'd recommend checking the
>Security FAQ carefully and Googling this newsgroup archives on the subject.)
>
>And, as far as stealing the application itself, few Access database
>applications are so mysterious that an experienced Access developer can't
>observe the application in operation and re-create it in substantially less
>time than the original development required. After all, the "heavy lifting"
>of how to apply Access to the business issue has already been done, and
>can't be hidden.
>
> Larry Linson
> Microsoft Access MVP
>
>
><carriolan@> wrote in message
>news:6qtjp1h59eq9ceqaemab1ijdjjlscu6kvn@xxxxxxxxxx
>> Hi Keith
>> I am a newbie at this; especially with regards to Access security.
>> Could you clarify some points for me please.
>> 1. Is it possible to associate a MDW file with a specific Access app
>> without affecting other MS Acees applications on the same pc?
>> 2. Is it possible to setup an MDW file giving users full data
>> permissions with no password (Administrator roghts being passworded)?
>> I do not want users having to log in
>>
>> What I am really trying to do is stop the 'man in the street, from
>> unhiding my tables and taking the data. I realise that it will never
>> be bullet proof.
>>
>> Regards
>> Carriolan
>>
>>
>>
>>
>> On Wed, 7 Dec 2005 08:46:03 -0000, "Keith W" <here@xxxxxxxxx> wrote:
>>
>>><carriolan@> wrote in message
>>>news:evhbp1lfphttvjbj7naggbgpkc6f3jmbnf@xxxxxxxxxx
>>>> Hi Keith
>>>> I am going through the MS FAQ as you suggested. Agreed it is not for
>>>> the faint hearted! I have one more quested. As my program is for
>>>> distratibution to the general public as shareware, is using this type
>>>> of security valid?
>>>> Regards
>>>> Carriolan
>>>>
>>>What do you mean by "valid"? As I stated previously, it won't stop a
>>>determined hacker with the right tools from breaking in, so you'd have to
>>>do
>>>a risk assessment to determine the likelihood of it happening and whether
>>>or
>>>not you care if it does. One further layer of protection is to convert
>>>your
>>>front end into an mde file, which is a fully compiled version of your mdb,
>>>hence no code is visible. A hacker would then have to reverse engineer
>>>your
>>>functionality into code in order to "steal" it.
>>>
>>>HTH - Keith.
>>>www.keithwilby.com
>>>
>
.

Relevant Pages

  • Re: user level security wizard
    ... the name of the database in this shortcut was not the copy, ... But the error message you got I thought was in reference to the mdw file, ... you said that every mdw file has the admin user and the Users Group ... and the security wizard does this for you. ...
    (microsoft.public.access.security)
  • Copy secured database to include security
    ... What do I have to do to get a secured database to work on another computer? ... needed to set the security on both Front End and Backend. ... mdw file (Don't know if this is a good idea or not but wanted to keep files ... I then have an Admin ...
    (microsoft.public.access.security)
  • Re: Access security - is it just a joke?
    ... If the mdw file is available, the $12 software will hand you the ... the more expensive tool could remove the User Level Security ... Admin is recognized in access from ANY workgroup file. ... "Admin" your database is not secure. ...
    (microsoft.public.access.security)
  • Re: Deleting .mdw file removes security
    ... end the process by setting the "database" priviliges for the ADMIN user ane ... I put all my intended database gods into a new user ... >> With the mdw file not available at run time, ...
    (microsoft.public.access.security)
  • Re: Sorting out security
    ... > MS Access security. ... > created a new workgroup, added a password for the Admin role, added ... > remote logins to a secured database. ... The location of the current workgroup file is recorded in the ...
    (microsoft.public.access.security)
Loading