MDE security issue Guru's please help ...

[Joe]

Hello All,

Any time you can take a copy of a file ( an Access XYZ.MDE file) and walk
away with it, it's not very secure.

But this was just to easy. My app is split in to a back and front end.
Most application data is stored in a back-end consiting of tables only. The
front end has links to the back-end and a few local tables for settings and
the like.
My back-end requires a password to open the database. The front is complied
to an MDE.

I did not realize that you could simply open any Access MDB or create a new
one and import all the tables including linked tables and gain read write
access to the link tables data in the MDE. (Ooch!)

Is there anyway to prevent this other than with Access workgroup security?
Is their some programmable option that can hide or otherwise make importing
my linked tables (with connection strings) impossible.

Thanks for any help.

Joe

 

[Rick Brandt]

Hello All,

Any time you can take a copy of a file ( an Access XYZ.MDE file) and
walk away with it, it's not very secure.

But this was just to easy. My app is split in to a back and front
end. Most application data is stored in a back-end consiting of
tables only. The front end has links to the back-end and a few local
tables for settings and the like.
My back-end requires a password to open the database. The front is
complied to an MDE.

I did not realize that you could simply open any Access MDB or create
a new one and import all the tables including linked tables and gain
read write access to the link tables data in the MDE. (Ooch!)

Is there anyway to prevent this other than with Access workgroup
security? Is their some programmable option that can hide or
otherwise make importing my linked tables (with connection strings)
impossible.
Thanks for any help.

Joe

Most Access security steps are either barriers or obfuscation of one kind or
another. My general advice is...

To protect the data from non-users of the app use network security.

To protect data from users of the app DON'T store it in an MDB. Use a server
based back end that has more robust security. With an MDB you can only keep out
the ignorant.

 

[Chris Mills]

There are cracks for everything nowadays. But, even though easily available
via an internet search, they at least require some effort and intent on the
user's part.

Most users, fortunately, just want to use your app to do their job.

An mde only secures forms and code and things. It doesn't do a thing for table
security, even without hacking.

If you implement User Level Security, on both the front-end and the back-end,
they at least have to go to some trouble to break into it (higher-level
cracking at least requires they purchase something, which is better than
merely free)

So, yes you are right. It CAN just be copied. Like Rick Brandt said (but I'll
say in my own way), Access security is only one of many aspects of security.
Don't employ ex-hackers for instance

Are you trying to secure your "program" (mde), or your "data"? Is it "your
data" or "their data"? Gosh, there are so many security questions...

 

[TC]

Workgroup security stops the user doing certain things. /Without/
workgroup security, /any/ user can do /anything/ with your front or
back end database, in terms of reading, changing or deleting data from
either or both.

HTH,
TC

 

[tina]

there's no way to *completely* secure an Access database. but you can do
various things to make it "more" secure. suggest you pick up a copy of Garry
Robinson's Real World Microsoft Access Database Protection and Security;
there are plenty of useful ideas there to choose from.

hth

 

[david epsom dot com dot au]

Is there anyway to prevent this other than with Access workgroup

You don't have to use linked tables. You can use forms bound directly to the
BE database. And/Or dynamic sql directly referencing the BE database.

(david)