Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

signon security 3

Status
Not open for further replies.

fredk

Technical User
Jul 26, 2001
708
US
I have a database that I created and have maintained for about a year - I want to secure the database but have been unsucessful with the security wizard.

My database is on a shared drive - I have heard people speak of setting up their own security but I am not sure how to proceed. (i.e. where do I get the users logins?)

Does anyone have any information on this? Thanks!!!
 
JeremyNYC,

at last someone agrees with my post from February!

Everyone,

Also if you want to manipulate Access Security using VBA have a look at this on MSDN

I've been getting into this recently and have found that using ADOX and Jet 4.0 SQL commands are a great way of setting up and assigning new users etc.

Cheers,

Steve. Make things as simple as possible — but no simpler.
 
hi new9, can i have copy of your Security System?
my email address : Mark.Austin@cbs.fiserv.com.


JeremyNYC - I note your comments on using the built-in Access security, but I don't find it flexible enough for my needs. I have a database where I want to set not only User Level Security but Group Level Security - but then I also won't the facility to be able to override the Group Level Security for some Users by assigning them a specific level of authority - it all sounds a bit far fetched, but it is required to suit my companies needs.

 
Madhouse,

What you are doing can easily be done using access security. You can assisgn each user a seperate ID. Allow them to be members of groups to give overall permissions and also assign individual positions to areas of the system to override the grouping.

It only takes one person to export an 'autoexec' macro to you DB with a nasty module to do a lot of damage, especially on a network. Using Access security correctly will ensure that this can't happen, using homegrown security leaves you open.

Cheers,

Steve.

Make things as simple as possible — but no simpler.
 
SteveCarey,

Ok, but what I also want to do is to be able to set options for each Users Profile such as the following:

1) Number of days until passwords expires
2) If User forgets password generate a temporary password
3) Force a User to change their password
4) Disable a Users Profile

There are further options in addition to the above, but I hope you get the general idea.

So could the above be done using the built-in Access Security?
 
Madhouse,

I'd say that you can do the majority of that using code.
If you use individual user ids in your workgroup file and also store this in a table you can use currentuser() to find out who is the person currently logged in. You can store various information in a table and combine this with the code that you can write to manipulate the security file (see the link in my previous post above), I've found using ADOX and Jet 4.0 SQL is very useful and quite simple to use.
You'll also probably find that you can adapt your existing code to fit in with this method. The only thing that may be difficult is item 2, although I wouldn't advise doing this anyway. I always make sure that users have to formally request a password reset to a system administrator to ensure people who shouldn't be accessing the system aren't doing so. The system admin would then press a button in the user admin section of the system to give a temporary password that would expire as soon as it was used.

It may take some time but if you persevere with the built in security you'll soon realise there's no other way!

Hope this helps.

Cheers,

Steve. Make things as simple as possible — but no simpler.
 
Steve,

Keep fighting the good fight!!

Really, though, folks. Steve is spot on. Everything you want to do with security can be done with Access security. Yes you will have to build some stuff on to the back end of it, but you will at least have an extremely solid base from which to start, and you will be interacting with a fully documented object model.

First, FULLY understand everything that Access security can do for you. Then build stuff on top of it.

It _will_ work, in whatever scenario you have.

Jeremy =============
Jeremy Wallace
Designing, Developing, and Deploying Access Databases Since 1995

Take a look at the Developer's section of the site for some helpful fundamentals.
 
What happens if the file that holds the Group/User profiles becomes corrupt? How can you then access the database?
 
What happens if the file holding the database becomes corrupt? How can you then access the database?

With a backup file, of course.

And the same is true of an MDW.

Except that with and MDW, if you've written down three pieces of information, you'll always be able to generate a new file that gets you into the database, even if you didn't back up that MDW.

Jeremy =============
Jeremy Wallace
Designing, Developing, and Deploying Access Databases Since 1995

Take a look at the Developer's section of the site for some helpful fundamentals.
 
OK, I'm almost convinced...just one last thing. You mentioned how unsecure a "home developed" security can be, such as someone exporting an 'autoexec' macro to the DB. Well a friend of mine has shown me a tool, which is freely available to download, that can find and retrieve the passwords for databases secured by the built-in Access security. At first I didn't believe him, but then he created a demo database, secured it using Access Security, then used the tool to retrieve the password! So the Access Security isn't all that secure either. Which brings me to the conclusion that no matter what type of security one implements there is always a way for someone to gain unauthorised access.
 
Madhouse,

You are correct about that. I generally don't discuss those tools in public forums, because the fewer who know about them the better.

Access security is a long way from bullet proof. It's quite good at keeping people from happening onto data they shouldn't see. It's pretty good at keeping people from having fruitful searches for holes in your database. And it's totally insufficient for keeping out malicious people who are willing to actually break your security.

So too, is any system that stores the security information in the database file.

But using Access security, again, at least you'll be working with a fully documented object model, and you'll have a community of developers to support you when something seems a little odd.

Jeremy =============
Jeremy Wallace
Designing, Developing, and Deploying Access Databases Since 1995

Take a look at the Developer's section of the site for some helpful fundamentals.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top