Different Access protection "George" <george[ at ]jungle.nz> 12/4/2008 6:42:17 PM Hello Is there a way to secure at 100% an Access database? The password offered in the security options of Access is not secure enough. There are many softwares on Internet that can get this password for less then 20$. What I thought to do is let the users get connected to an application that will check the rights of connection. If the user has sufficient rights, then lunch the database. But even this solution is not secure enough, because anyone can create a new database and imports into it all the database objects without having to go through the connection application I'd have made. He will hit on an access password that he'll crack 'easily' and all the development would be useless. Thanks for any relevant suggestion!

Re: Different Access protection "Arvin Meyer [MVP]" <arvinm[ at ]mvps.invalid> 12/4/2008 7:30:24 PM There are 2 types of security that need to be thought of. The code which can be made into an MDE and secured fairly well (although it can be cracked with some real effort) and the data. If you need absolute security on the data, you will need to use a server based data engine like SQL-Server. Any file-server database is only as secure as the machine it's running on, and the people using it. If you can't trust your users, you should allow them to be using it at all. -- Arvin Meyer, MCP, MVP http://www.datastrat.com http://www.mvps.org/access http://www.accessmvp.com "George" <george[ at ]jungle.nz> wrote in message news:493824a0$0$763$5402220f[ at ]news.sunrise.ch... [Quoted Text] > Hello > > Is there a way to secure at 100% an Access database? > The password offered in the security options of Access is not secure > enough. There are many softwares on Internet that can get this password > for less then 20$. > > > > What I thought to do is let the users get connected to an application that > will check the rights of connection. If the user has sufficient rights, > then lunch the database. > > > > But even this solution is not secure enough, because anyone can create a > new database and imports into it all the database objects without having > to go through the connection application I'd have made. He will hit on an > access password that he'll crack 'easily' and all the development would be > useless. > > > > Thanks for any relevant suggestion! > >

Re: Different Access protection John W. Vinson <jvinson[ at ]STOP_SPAM.WysardOfInfo.com> 12/4/2008 8:09:00 PM On Thu, 4 Dec 2008 19:42:17 +0100, "George" <george[ at ]jungle.nz> wrote: [Quoted Text] >Is there a way to secure at 100% an Access database? There is no way to secure at 100% ANY computer application. -- John W. Vinson [MVP]

Re: Different Access protection pddxxx[ at ]gmail.com 12/4/2008 9:42:20 PM You cannot secure a database 100%. For a comprehensive look at the issue of Access security, Garry Robinson has written a great book entitled "Real World Microsoft Access Database Protection and Security". More info is here: http://vb123.com/map/ We have a product that provides copy protection for Access applications. It uses hardware ID numbers on the end user's computer to act as a sort of software dongle. It's called KeyedAccess and you can download a demo from http://www.peterssoftware.com/ka.htm There's also SageKey Application Security that does something similar: http://www.sagekey.com/security_details.aspx Hope this helps, Peter De Baets Peter's Software - Microsoft Access Tools for Developers http://www.peterssoftware.com

Re: Different Access protection "David W. Fenton" <XXXusenet[ at ]dfenton.com.invalid> 12/5/2008 2:48:29 AM "George" <george[ at ]jungle.nz> wrote in news:493824a0$0$763$5402220f[ at ]news.sunrise.ch: [Quoted Text] > Is there a way to secure at 100% an Access database? The front end or the back end? You use the term "Access," which suggests you're talking about a front end, but people mis-use it all the time (partly promoted by MS's use of the term for the ODBC and OLEDB drivers for Jet, for instance) when what they actually mean is Jet. To be honest, it's actually neither here nor there, as neither can be 100% secured. But your definition of "100%" will depend entirely on your definition of "secured." For many scenarios, Access/Jet can be adequately secured for the purposes it is being used. In others, the Jet back end can be upsized to SQL Server or some other server database that has robust security, and that is sufficient. But ultimately, all security questions are actually "people problems," not technical problems. You have to give your users sufficient access to do their jobs, which means they have to be able to see and edit the data. That's a security risk right there. But it's necessary to trust employees, and as soon as you do so, you open up your data to the risk of theft or corruption. In my experience, "security" is a buzzword that people are concerned about and don't really have a clue what it actually entails. They are also almost always unwilling to recognize the degree to which it's not a problem that can be solved through technology at all, no matter which one you choose. -- David W. Fenton http://www.dfenton.com/ usenet at dfenton dot com http://www.dfenton.com/DFA/

Re: Different Access protection "David W. Fenton" <XXXusenet[ at ]dfenton.com.invalid> 12/5/2008 2:49:49 AM "Arvin Meyer [MVP]" <arvinm[ at ]mvps.invalid> wrote in news:OEcYFbkVJHA.4928[ at ]TK2MSFTNGP05.phx.gbl: [Quoted Text] > If you can't trust your users, you should allow them to > be using it at all. This is true no matter what database engine you are using, and no matter what piece of software. You have to trust users because if you don't, you'll never let them either see or edit any data. That would make them, er, rather unproductive. This is a topic on which there's an awful lot of hysteria, and a failure to recognize the degree to which it's a "people problem" and not a technical one. -- David W. Fenton http://www.dfenton.com/ usenet at dfenton dot com http://www.dfenton.com/DFA/

Re: Different Access protection John W. Vinson <jvinson[ at ]STOP_SPAM.WysardOfInfo.com> 12/5/2008 5:58:43 AM On 5 Dec 2008 02:49:49 GMT, "David W. Fenton" <XXXusenet[ at ]dfenton.com.invalid> wrote: [Quoted Text] >This is a topic on which there's an awful lot of hysteria, and a >failure to recognize the degree to which it's a "people problem" and >not a technical one. Exactly. I once worked at a major pharmaceutical company, in the records office. A research Vice President requested copies of several research protocols - the request seemed a bit odd, but he had every right to them even though they weren't directly in his area. He left the next week to found a compting startup company. -- John W. Vinson [MVP]

Re: Different Access protection "George" <george[ at ]jungle.nz> 12/5/2008 8:51:05 AM Thanks a lot for all your answers! The reason why I asked this question is that I created an access db because it requires less ressource (1.time 2.money) than a server based data engine. The people that I can't trust are the network employees who manage the directory where the access db is stored. and they must access all the directories of the network. Thanks again and have a nice day :) "Arvin Meyer [MVP]" <arvinm[ at ]mvps.invalid> a écrit dans le message de news: OEcYFbkVJHA.4928[ at ]TK2MSFTNGP05.phx.gbl... [Quoted Text] > There are 2 types of security that need to be thought of. The code which > can be made into an MDE and secured fairly well (although it can be > cracked with some real effort) and the data. If you need absolute security > on the data, you will need to use a server based data engine like > SQL-Server. Any file-server database is only as secure as the machine it's > running on, and the people using it. If you can't trust your users, you > should allow them to be using it at all. > -- > Arvin Meyer, MCP, MVP > http://www.datastrat.com > http://www.mvps.org/access > http://www.accessmvp.com > > > "George" <george[ at ]jungle.nz> wrote in message > news:493824a0$0$763$5402220f[ at ]news.sunrise.ch... >> Hello >> >> Is there a way to secure at 100% an Access database? >> The password offered in the security options of Access is not secure >> enough. There are many softwares on Internet that can get this password >> for less then 20$. >> >> >> >> What I thought to do is let the users get connected to an application >> that will check the rights of connection. If the user has sufficient >> rights, then lunch the database. >> >> >> >> But even this solution is not secure enough, because anyone can create a >> new database and imports into it all the database objects without having >> to go through the connection application I'd have made. He will hit on an >> access password that he'll crack 'easily' and all the development would >> be useless. >> >> >> >> Thanks for any relevant suggestion! >> >> > >

Re: Different Access protection "Arvin Meyer [MVP]" <arvinm[ at ]mvps.invalid> 12/5/2008 1:36:40 PM "John W. Vinson" <jvinson[ at ]STOP_SPAM.WysardOfInfo.com> wrote in message news:6mghj41q8fd3n1gh7n516sj2bi9dth7fhi[ at ]4ax.com... [Quoted Text] > Exactly. I once worked at a major pharmaceutical company, in the records > office. A research Vice President requested copies of several research > protocols - the request seemed a bit odd, but he had every right to them > even > though they weren't directly in his area. > > He left the next week to found a compting startup company. Today, that is illegal, and it may have been when you worked there. Company data is owned by the company and stealing it is a federal crime. -- Arvin Meyer, MCP, MVP http://www.datastrat.com http://www.mvps.org/access http://www.accessmvp.com

Re: Different Access protection "Arvin Meyer [MVP]" <arvinm[ at ]mvps.invalid> 12/5/2008 1:38:57 PM "George" <george[ at ]jungle.nz> wrote in message news:4938eb8e$0$763$5402220f[ at ]news.sunrise.ch... [Quoted Text] > Thanks a lot for all your answers! > The reason why I asked this question is that I created an access db > because it requires less ressource (1.time 2.money) than a server based > data engine. > The people that I can't trust are the network employees who manage the > directory where the access db is stored. and they must access all the > directories of the network. > Thanks again and have a nice day :) If that's the case, you are out of luck. There is no way to completely secure any database from network administrative employees. -- Arvin Meyer, MCP, MVP http://www.datastrat.com http://www.mvps.org/access http://www.accessmvp.com