How to secure MDW file

T

Thinh Nguyen

Hi all,
I created an application, and secure my application by
creating a workgroup and grant proper permissions for each
group in the workgroup. But this morning, my friend show
me my password that he can get from MDW file of the
application by a tool (my userID is also the database
owner).
I was so unhappy, means Access is not secured any more,
all peoples who have the tool can change the data inside
without audit trail report (in my application, I created a
module, whenever users changed the data, their actions
will be recorded in a table for audit purpose, but now
it's no used).
Can anyone help me with this issue! Can we secure MDW
file?!!!
Many thanks and regards,
Thinh
 
J

John C.

I am developing a project right now.

I plan on securing the code by converting my MDB to a MDE.

This is accomplished from menu
selection: "Tools", "Database Utilities", "Make MDE
File...".

One thing to keep in mind, your tables need to be external
from the code. Have your tables linked.

Well, hope this helped, if not, I'll watch for other
responses.

Good Luck, Merry Christmas!
 
T

Thinh Nguyen

Hi John,
Many thanks for your help. I guess this in an only way.
Regards,
Thinh
 
J

John C.

I wouldn't give up just yet, wait a day and see what other
people suggested...good luck.
 
T

Thinh Nguyen

Hi
I tried to make MDE file for my front-end database as John
advised, but I dealed with another problem: all forms have
event procedures as: on load, on activate.. cannot be
opened.
Do you have any ideas?
Thanks,

PS: my application have two layers: front-end consists of
all forms, reports, queries, modules and linked tables,
and back-end consists of all real tables.
 
I

Immanuel Sibero

Hi

Access is really a desktop, file based database system which means even the
most restricted users usually have to have full privileges on the physical
files and folder where the database files reside. As such, a determined user
can get a copy of any of the files (including the workgroup file) and play
around with it. There are tools out there that can crack users and passwords
information.

If more security is desired, consider a client/server database back end such
as SQL server.

In a network environment, I suppose you can add another *layer* of security
to an Access database app (in addition to the mdw workgroup file) by storing
all the files in a folder that's restricted only to your authorized users.
But if someone wants to show that an mdw file can be cracked, it's not hard
to do, it's been done many times.

HTH,
Immanuel Sibero
 
T

TC

Sorry, there's no way around it. Microsoft make a simple, "schoolboy howler"
mistake in how they implemented the DES encryption of the passwords in the
workgroup file. The consequence of that mistake, is that the passwords can
be "reverse engineered". There is not much you can do, to prevent that.

HTH,
TC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Changing MDW File (?) 0
Reset to default mdw on exit 8
MDW file - what am I doing wrong? 4
Lost .mdw file 4
Isn't the mdw supposed to session-based? 1
mdw file when converting secure database 1
how to secure a new db with an existing .mdw 6
Secure multiuser applications w/out securing existing/new database 2

Top