Don Garry said:
Good morning...
I'm looking for some advice as to which is more secure in Access 2000:
1) Use a MDE + User Level Security
2) Use User Level Security and Protect the VBA code with a password
3) Some other combination which I'm not aware of.
Access security is for keeping honest people honest and for keeping users
from stumbling over their own feet. Don't count on it to protect anything
that someone is going to want more than about $150 worth, particularly
someone (like a client) to whom you deliver the secured database.
A good combination for protecting most of your code and the user's data is
an Access client application, delivered as MDE with User Level Security
working against a server database with the more robust security server DBs
provide.
Security is not a solution, in many cases, for protecting the application
itself, because many experienced Access developers can observe an
application running and re-create it quickly and easily. After all, they can
see the design of the application, and the specific design of the forms and
reports, and infer the logic from what happens.
I worked as a subcontractor to the contractor maintaining and enhancing a
corporate application -- I don't know what they spent before I was involved
(I know it was 'substantial'), but I am sure they spent over $250,000,
perhaps even more, afterward (not including another probably $100,000 of Y2K
'remediation' and 'validation'). I'd bet I could, all alone and working
mostly from memory, recreate the useful* parts of that application in six
months or less.
* the people who created the original application
knew the general business, but didn't know the
things that the users of this particular subset of
the business would find useful -- so there were
a number of no-longer-used forms, reports,
code, etc.. (much of that was eliminated in the
Y2K remediation project).
Larry Linson
Microsof Access MVP
