Replication, Splitting or What?

[Guest]

Pretty much a Novice User here and a search of the archives didn't produce
for me. Hopefuly, this is the correct place to post this...

I am running Access 2003 and have a database in Access 2002-2003 format on
Windows XP SP2. I have some sensitive data entry work which a remote worker
will perform disconnected from the network on a laptop. When initially copied
from the network, I'd like the worker to receive just the blank master data
table, the data entry form and lookup tables/queries. But the queries which
populate some of the form's fields are in part based upon the master table
which I wish to be blank in the first place. And I'm wondering about
maintaining the uniqueness of the primary key when merging the data when the
data entry is complete. Is there code involved? Some posts seem to suggest
that may be necessary, but I was hoping not.

I'm really green here; I'm not sure if replication, splitting or some other
approach is best. Any advice or gotchas welcome.

 

[Guest]

Thanks, Damian for the helpful and speedy reply.

To answer your question, only some, of the fields in the master table are
sensitive, maybe 1/2 of the fields. I'm trying to minimize damage in the
event the laptop is stolen or compromised. The lookup queries are generated
from non-sensitive fields. Hope that makes sense. When replication occurs,
can I use static tables for these lookups and will they be available to the
remote worker?

Thanks again.

 

[Guest]

Hi again,

No worries...

I guess one of the things to consider about a laptop being lost/stolen is
ALL of the information on the laptop, not just your database. You could
protect your data somewhat by implementing user-level security, however to
protect the data on your laptop you could use some type of
encryption/security device to protect your hard disk itself...

Hope this helps.

Damian.

 

[David W. Fenton]

I'm really green here; I'm not sure if replication, splitting or
some other approach is best. Any advice or gotchas welcome.

Without a network connection, you can't use replication.

 

[David W. Fenton]

If you want a user to have access to your database on their
notebook and NOT be connected to the network, AND you want their
changes to be reflected in your database on the network you will
need to use replication.

If the remote user can *never* connect to the network, then you
simply can't use replication.

Replication is only workable for the occasionally-connected remote
user. That connection can be via LAN (direct replication) or over
the Internet (inirect or Internet replication). But if no connection
is possible, you simply can't use replication without breaking the
underlying architecture of Jet replication, with possible data loss
and corruption as the result.

 

[David W. Fenton]

I guess one of the things to consider about a laptop being
lost/stolen is ALL of the information on the laptop, not just your
database. You could protect your data somewhat by implementing
user-level security, however to protect the data on your laptop
you could use some type of encryption/security device to protect
your hard disk itself...

The laptop should have no Guest account enabled.

It should not use the EVERYONE group for sharing any data (use
AUTHENTICATED USERS instead).

In fact, if you really want it safe, don't share any data at all.

Don't cache user logons (the default is caching 10, to allow a
disconnected laptop user to log on as though connected to a domain
controller).

Make sure all user accounts on the latop have strong passwords. This
means:

1. 8 or more characters.

2. mix of numeric, non-numeric and mixed case alpha.

3. not crackable with a dictionary attack (i.e., don't use a word
that's in the dictionary).

Change the name of the default administrator account, or create a
new administrator account with a non-obvious name and remove the
default administrator account from the Administrators group.

Make the password on the admin accounts extra-strong (more than 8
characters).

Make none of the other users on the laptop administrators -- make
them only user-level logons.

Encrypt the NTFS file system.

Last of all apply Jet user-level security to your MDB as a final
minor protection and make sure the MDB is encrypted.

This is as safe as you can get a laptop. It can still be cracked,
but it will take a lot of work, or an extremely knowledgable cracker
with lots of computing power. The CIA and FBI could crack it. Your
garden-variety laptop thief could not.