Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

signon security 3

Status
Not open for further replies.

fredk

Technical User
Jul 26, 2001
708
US
I have a database that I created and have maintained for about a year - I want to secure the database but have been unsucessful with the security wizard.

My database is on a shared drive - I have heard people speak of setting up their own security but I am not sure how to proceed. (i.e. where do I get the users logins?)

Does anyone have any information on this? Thanks!!!
 
You can return the NT Login in VBA using the environ function which returns Windows Environment Variables....

environ("username")
 
Thanks for the replies!!! -

Linda - I guess I had originally tried to put a password on the database because it was on a network drive that anyone in my company could access. I just wanted the password for this database but when I set it, it would request the password for any database in access.

I would like to set up security with signon's but have no idea where to start.

Any direction would be greatly appreciated!!!
 
Ah ha! That's what I thought it was going to be. I did exactly the same thing when I was first working with it.

The solution: When you used the security wizard, you chose the option "I want to make this my default work group information file." That's why it applied it to all the databases. Instead, you want to choose the "I want to create a shortcut to open my secured database." The creates a shortcut for only that database, and you must use the shortcut to open it (it won't open if you simply click on the file). This does mean that your users will have to have the shortcut on their desktop to use the database. In our case, we put the shortcut in the network directory and assisted everyone with getting it on their desktops.

Unfortunately, nothing in the instructions tells you this...You sort of have to find out by trial and error.
Linda Adams
Visit my web site for writing and Microsoft Word tips: Official web site for actor David Hedison:
 
Hi Fredk:
I developed my own DB with a security system that is required for each user to have 1)A Useer Id and 2)A Password. Pluse, every user has a specific authority( By Department). Essencially,I had to do this :
1)Creating a User_Id_Pass Table.
2)Creating an Autherity.Table which linked to the User_Id.Pass.Table.
3)Creating a Log_On_Screen with some cade to check User_Id & Password.
4)Doing the appropriate adjustment to some queries to take care of authority.

IN MY CASE SO FAR SO GOOD
By the way, my DB is installed on a shared folder in my company server and it is used by 50 users. The only problem I am facing some times is having the DB locked by a user. Although I set my DB as a SHARED DB,I am getting a message that "the DB is put in state by user Admin on machine ... " which I am working on it.

Hope this help,

PS:If someone did it, It gives me hope that I can do it too
 
Thanks for the info new9 - I would love to see the form if that is @ all possible (and the code) if not, I understand. But thanks for the guidance, I really appreciate it!

Fred
 
No Problem @ all. How would you like me to send it?
 
Whatever is most convenient for you would be fine - If I could actually see the database then I could figure it out - But I understand if you do not want to do that -

Either way I really appreciate your help!!

Thanks again for your help!!!
 
Hi fredk:
I have a zipped file but I don't know how to send it.
:~/
 
Thanks New9 - Can you email it to kampf369@yahoo.com?
 
Hi fredk:
I sent you a zip file on 9-2-2002.
Hope you like it.

Take care,,

PS: I am new to the site not to Programming :)
 
Thanks New9 - I appreciate you taking the time and sharing the information - I was just thinking about this the other day. It will really help me along my way! Thanks again!!!
 
Hi fredk:
Please, can you tell me if my approch was fine? Also, I hope that can update me if you find a better way or any emprovement for waht I did.

Thanks,,
 
The best way to secure a database is to use the in built security and assign different permissions to users / developers / Admin and ensure people log in to the correct security file before they log in (This can be done via a desktop shortcut to save time). This ensures that no changes etc. can take place.
Using "home developed" security can be useful for giving access to correct forms or reports etc. but it is prone to abuse. If permissions are not set up on objects they can be imported into another file and changed or a trojan autoexec can be exported into your file. This could be linked to code that does horrible things to your system /network.

Access security is very good. If you take time to learn it you will find it very useful.

I have a document somewhere that is quite good for outlining how to use Access security. If you want a copy let me know your Email address and I will dig it out and send it to you.

Cheers,

SC Make things as simple as possible — but no simpler.
 
Hey New9 could i please have a copy of that Zip file , i am trying to something similar with passwords and autorities , and i would be usefull to see how you did it .
Thanx
My E-mail Address is
Work :hugh.lennox@uk.thalesgroup.com
Home : shuggyboy@btinternet.com
>:):O>
 
Hi SteveCarey:
First of all thanks for your offer.
Actually, I developed my own security schem because 99% of the users were assighned same authority for the forms & reports. The only difference was on which data they can use (same data but different deprtments. Therfore, using Access security will help in some part but not for the other. In addition, I have a nice code for enabiling & disabling the shif key wich I can activate any time (I got the code from a user group over the internet).
The only problem that I have some times is getting users blocked from entering the data base when a specific user loggenon (I am not sure if this happend as a result of my security schem or it is inherited from Access 2000).
Thanks,,

PS: My Email: prag8@yahoo.com
 
Hi Animaniac :
I sent the zip file to your work Email.

Good Luck
 
Hi New9 - I did go through it and it made a lot of sense to me. I have not attempted to implement it yet because I am swamped but I am looking forward to the task.

It seems well put together and I believe it is going to work for me. Thanks so much for taking the time to help me out - I will let you know when I actually implement the process!

Thanks again!
 
SteveCarey,
I'd appreciate the document on access security, always interested in picking up nuances when I can. Please send it to IntuitiveAccess@Yahoo.com
Thanks

New9,
I have used home-made security in the past when I am more concerned about identifying a user than actually securing a database. For instance, when the database is not critical and only used by a couple of users. The only advantage is that the administration can be built into the database and look more seamless. However, if you're interested in actually securing a database, anyone with minimal MS Access knowledge could hack your database in about 3 minutes if they can only type with one hand.

Here is how you do it:
1) Create a new database
2) Select "Get External Data" "Link Tables"
3) Select the file with your passwords table in it
4) Link the table
5) Open the table and get the admin ID and password
6) Log in to your database using the Admin ID and pw.

See the holes? A way that is slightly more secure (only slightly) is to use the Environ function to return the Win NT login as suggested by Pezamystik above. This way the usernames and passwords are not stored in the database at all. This means you can only access the database if you're signed in on that computer.

The downside is that if you walk away from your desktop, anyone can sit down at your computer and access the database as you. However, this same thing occurs with Access security if you leave the database open and walk away. There are ways to automatically detect and log out an idle user in Access which fixes this.

You need to determine how secure you want your database. If you just want to identify a user, just have them choose their name from a combo box and forget the pw altogether.
Jonathan
________________________________________
It is not fair to ask of others what you are unwilling to do yourself.
-Eleanor Roosevelt
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top