New to security have questions before plunging

[Guest]

Thanks, for the response. However, where I work and the places that this
project is being sent to really have no idea what they want. They say they
do, but they constantly keep changing the requirements. This makes it
difficult when trying to design and program.

 

[TC]

I'm not sure where they are stored, but definitely in the mdb file (which is
why you can use more than one mdw with a single mdb file).

They're stored in the MSysACEs table in the mdb file.


But your method requires many people to know the same (generic user)
password(s). So your security is compromised right from the get-go!

Cheers,
TC

 

[Joan Wild]

But your method requires many people to know the same (generic user)
password(s). So your security is compromised right from the get-go!

Yeah, I'd suggest Keith that you secure it so that they can use their
standard system.mdw, with no login.

 

[Keith]

Yeah, I'd suggest Keith that you secure it so that they can use their
standard system.mdw, with no login.

I take your point but it is always stressed to the users that it's in their
own interests to keep their passwords on a need-to-know basis. Never had
any problems so far but I wouldn't use this approach in a smaller
organisation.

 

[Immanuel Sibero]

TC,
Yea yea, we've heard it all before..
Stop fskin' around Google and get back to work, TC.



Kidding aside, hope you're doing fine, TC.

Immanuel Sibero

 

[TC]

TC,
Yea yea, we've heard it all before..
Stop fskin' around Google and get back to work, TC.

Kidding aside, hope you're doing fine, TC.

Hi Immanuel

Luckily I work for myself, so I can fskc-around with whatever I want!


Cheers,
TC

 

[Lee Stafford via AccessMonster.com]

Thanks Fysh, you asked all the questions that I have. It sounds like we
have very similar situations.

I know this area is something that I do not understand and I am afraid to
get into it.

Is there anywhere that I can go for very plain english type of instructions
that any idiot can follow?

I have the very same situation that Fysh has described so far. I have read
your replies and I am sure they will help once I get to a point that I
understand them....haha.

TIA,

Lee

 

[TC]

Lee, the trick to getting Access user-level security right, is to
follow an explicit list of written instructions - adding and omitting
nothing. The slightest deviation from the instructions, can cause your
database to be insecure. A typical list of instructions is, the Access
Secuerity FAQ - often referenced in this newgroup. No-one has any hope
of getting it right just by running the wizard, or "fooling around"
(not that I'm accusing the OP of that).

HTH,
TC

 

[Keith]

Is there anywhere that I can go for very plain english type of
instructions
that any idiot can follow?

There's a step-by-step example on my web site that might help but it's no
substitute for the FAQ (there's also a link to them on my web site).

Regards,
Keith.
www.keithwilby.com

 

[Lynn Trapp]

In addition to Keith's list, which is good, you can find a list on the
Security page of my website and on Joan Wild's site --
http://www.jmwild.com/Accesssecurity.htm

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Big List: www.ltcomputerdesigns.com/JCReferences.html

 

[Lee Stafford via AccessMonster.com]

Thanks, I think that will help. I do have another question, though. I am
creating this DB in 2000, but have edited it in 2003 a few times, and I
know that some users will have 97. If I secure it in 2000, will this cause
a problem with any other version?

TIA again,

Lee

 

[Guest]

As everyone has said this is no joke. I played with this for about a week
now. I beleieve I finally got it down and got my shortcut to work. I do
have a couple questions though. I only have 2 users besides the usual in my
db. One is for all the users the other is for the administrator so they can
get back in. A login box appears and depending on the name and password what
permissions they will have. I manually split my db to FE and BE. I gave the
FE user modify permission on the tables for linking etc.

Now my questions:
For some reason when I open another DB it still asks for a log-in, why? I
know someone here will say I missed something, but I can't figure out what.
Another question is I am going to implement the disable key and make it a
MDE. Is this all I am going to have to do to complete the security? Nobody
will be allowed to import my backend is this correct?

Thanks a bunch, this group constantly helps those in need

 

[Guest]

Ok I figured out the first question. I didn't rejoin to the system.mdw. I
don't recall seeing that in the literature.

 

[Joan Wild]

Now my questions:
For some reason when I open another DB it still asks for a log-in, why?

Because your secure mdw that you used is now the default one to use for all
Access sessions. Use the workgroup administrator to join the standard
system.mdw that ships with Access. Use your shortcut for your secure mdb.
All other sessions of Access will use the default system.mdw

Another question is I am going to implement the disable key and make it a
MDE. Is this all I am going to have to do to complete the security?
Nobody
will be allowed to import my backend is this correct?

You'll have to test this for yourself. If you've given them permission on
the backend tables, then they'll be able to import.

 

[Guest]

Joan thanks for the reply, could you answer one more question. The shortcut
works fine and when I log in I can see the Users and groups. However, if I
open the db directly then no log in is required and I don't see the Users or
groups. What could be wrong?

 

[Joan Wild]

Joan thanks for the reply, could you answer one more question. The
shortcut
works fine and when I log in I can see the Users and groups. However, if
I
open the db directly then no log in is required and I don't see the Users
or
groups. What could be wrong?

When you use the shortcut, it is using your secure mdw (and you see the
users and groups that are stored in that mdw).

If you open the db directly, then you are using your default system.mdw,
which doesn't have your users and groups in it.

Two things:
Users and Groups are stored in the mdw file.
If you can even open your mdb using the system.mdw file, then it isn't
secure; you missed a step.

 

[TC]

Ok I figured out the first question. I didn't rejoin to the

system.mdw.

You seldom need to join *any* workgroup file other-than the standard
one. Securing a database involves creating a *new* workgroup file &
using that with the /wrkgrp switch on the startup shortcut.

I don't recall seeing that in the literature.

That's because the literature would not have told you to join the other
file, in the first place.

HTH,
TC

 

[Guest]

Thanks everyone, it took some time but I got everything working. I even
incorporated a pop up form that tells them reconnection is in progress and
hourglass set to true during refreshing of links. I converted it to a MDE
along with MDW. Hopefully this will be enough to keep the snoops out.

 

[TC]

Well done!

TC