using recovery programs to bust ULS!!!!!!

[Guest]

I am with a University and I have an access Database that I want to put on
their server but the IT people say that it is their understanding that you
can't secure an Access database with Access security tools (i.e. user level
security). To prove the point they took a program called (i think) Database
Revovery from a company called Ontrack and "recovered" my BE that had ULS.
The recovered version had No ULS on it and they could see everything in my
database.

Is there any way to protect an Access database so that it cannot be opened
with a simple comercial program? For example, can it also be encrypted? I am
assuming that I am doing something wrong.

Also, I had suggested using the Server's security functions to protect the
BE but they said that users could still take the BE off the server. If access
can't secure itself, is there a way to secure the BE behind a Server's
firewall, etc?

This is all rather depressing since it seems that I can't use the program!!!

thanks,

 

[Rick Brandt]

I am with a University and I have an access Database that I want to
put on their server but the IT people say that it is their
understanding that you can't secure an Access database with Access
security tools (i.e. user level security). To prove the point they
took a program called (i think) Database Revovery from a company
called Ontrack and "recovered" my BE that had ULS. The recovered
version had No ULS on it and they could see everything in my database.

Is there any way to protect an Access database so that it cannot be
opened with a simple comercial program? For example, can it also be
encrypted? I am assuming that I am doing something wrong.

Also, I had suggested using the Server's security functions to
protect the BE but they said that users could still take the BE off
the server. If access can't secure itself, is there a way to secure
the BE behind a Server's firewall, etc?

This is all rather depressing since it seems that I can't use the
program!!!

thanks,

If you need to protect your data from non-users of the application then
network security is sufficient to do that. If you need to protect the data
from USERS of the application then the data should not be in an MDB file.
In that sense your IT people are correct.

 

[Guest]

Thank you, however what can i do?
Can you direct me to a note someone has written on how to convert my BE to a
non MDB file so that I can protect it. In other words, I am sure that there
is published somewhere how to convert it to MS sql or something so that users
in a network environment can use my FE with the forms linked to a secure,
server-based BE so that I can educate myself a bit before talking with the IT
people.

One last thing, is it not possible to encrypt the BE through Access tools?

thanks

 

[Rick Brandt]

Thank you, however what can i do?
Can you direct me to a note someone has written on how to convert my
BE to a non MDB file so that I can protect it. In other words, I am
sure that there is published somewhere how to convert it to MS sql or
something so that users in a network environment can use my FE with
the forms linked to a secure, server-based BE so that I can educate
myself a bit before talking with the IT people.

One last thing, is it not possible to encrypt the BE through Access
tools?

Encrytping in Access just protects the data from being looked at with
Notepad, a hex editor, or similar program. It does nothing to protect
someone from looking at it with Access because Access just decrypts it on
the fly as it is looked at.

Depending on the application it can be fairly easy to move the data to a
server database (like SQL Server) or it can be a big job. First thing
would be to see if you can get a SQL Server instance installed on a server
somewhere on the network and whether someone in the IT staff will maintain
it or if they will expect that to be your problem. Until you have that
figured out there is no point in worrying about the technical details of
doing it.

 

[Guest]

thanks for your help and time, I will get with them.

 

[Guest]

Hi Rick,
Sorry to bother you again but this is really bothering me and I just want to
confirm things. If I understand things correctly it is IMPOSSIBLE to secure a
mdb file (i.e. backend) and even with user level security ANYONE that has
access to the BE can easily open it and read any info using a comercially
available program.

If this is true the Access is pretty damn worthless. Any Access database
that stores peoples ages, credit card numbers, addresses, etc. is accessable
to anyone that can get to the backend.

How come NOBODY talks about this. When I asked questions about securing my
data I was told by everyone to use ULS and RWOP queries to lock people out of
things- which I now see was a big waste of time. If it is truly tis bad
people need to start talking openly about this. For example, I saw an MVP
that has an application for taking reservations etc. for tourists. If I
bought this and put it on a pc, even with ULS an employee could take the BE,
open it and sell people's credit card numbers etc. Surely I am missing
something ...... or is it really this bad?

thanks,