[AccessD] Hiding Back End Design

Rocky Smolin - Beach Access Software bchacc at san.rr.com
Tue Jun 22 15:34:38 CDT 2004


Marty:

Lassie and Access Project Security Manager work on front end objects.  Don't
appear to secure the back end.  Do you know if Robinson's book talks about
securing the back end?

TIA

Rocky

----- Original Message ----- 
From: "MartyConnelly" <martyconnelly at shaw.ca>
To: "Access Developers discussion and problem solving"
<accessd at databaseadvisors.com>
Sent: Tuesday, June 22, 2004 1:06 PM
Subject: Re: [AccessD] Hiding Back End Design


> Have you looked at  Garry Robinson's  book yet  "Real World Microsoft
> Access Database Protection and Security".
> http://vb123.com/map/
>
> A shareware version of a simplified user security add-in - LASsie
> (Light Application Security) for MS Access - is available for download
> here:
> http://www.peterssoftware.com/las.htm
>
> Also, there's the Access Project Security Manager from
> databasecreations, Inc.:
> http://www.databasecreations.com/prod_apsm.htm
>
>
> Rocky Smolin - Beach Access Software wrote:
>
> >In fact when I was working with this Chinese distributor in the old DOS
days
> >(I had implemented a hardware key which plugged into the parallel port)
she
> >told me that they have a saying in China "Locks are for the honest man."
> >
> >Rocky
> >
> >----- Original Message ----- 
> >From: <DWUTKA at marlow.com>
> >To: <accessd at databaseadvisors.com>
> >Sent: Tuesday, June 22, 2004 8:41 AM
> >Subject: RE: [AccessD] Hiding Back End Design
> >
> >
> >
> >
> >>Couldn't agree more.  When I was in boot camp, one of our drill
sargeants
> >>told us that the lock on our lockers only kept honest people honest.
Very
> >>true statement.
> >>
> >>I had a talk with our CFO one day (my bosses boss), and told him that
our
> >>best network security was ignorance.  LOL
> >>
> >>Drew
> >>
> >>-----Original Message-----
> >>From: accessd-bounces at databaseadvisors.com
> >>[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of ACTEBS
> >>Sent: Monday, June 21, 2004 9:20 PM
> >>To: 'Access Developers discussion and problem solving'
> >>Subject: RE: [AccessD] Hiding Back End Design
> >>
> >>
> >>Gustav,
> >>
> >>"Personally, I think the time for proprietary systems has passed -
> >>
> >>
> >customers
> >
> >
> >>need systems they can drag data from to be used elsewhere."
> >>
> >>Never a truer word said.
> >>
> >>With the decision by the Munich government to migrate to Linux, France
> >>looking to do the same and Brazil on the verge, it seems as though the
end
> >>is nigh for the proprietary software/business model.
> >>
> >>Hmmm, sorry I went a bit off topic there..... ; )
> >>
> >>Rocky - if a cracker wants to crack your software he will. There are
teams
> >>of these people out there who see it as a challenge. Why waste your
time?
> >>
> >>Vlad
> >>
> >>-----Original Message-----
> >>From: accessd-bounces at databaseadvisors.com
> >>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Gustav Brock
> >>Sent: Tuesday, 22 June 2004 4:02 AM
> >>To: Access Developers discussion and problem solving
> >>Subject: Re: [AccessD] Hiding Back End Design
> >>
> >>
> >>Hi Rocky
> >>
> >>No, you cannot open or attach tables from the BE without the correct
> >>password. But as stated from several already, you can google up at least
> >>three password crackers.
> >>
> >>Next step would be Access security as mentioned by Drew, and the next
> >>
> >>
> >would
> >
> >
> >>be to apply field encryption which is a major step.
> >>
> >>By why not turn it completely around: make the design open and
documented
> >>
> >>
> >as
> >
> >
> >>"this is the way to build a database for an application like this"? Then
> >>
> >>
> >you
> >
> >
> >>are the master and everyone else is the replicant - following the
"Rocky"
> >>standard. Personally, I think the time for proprietary systems has
> >>
> >>
> >passed -
> >
> >
> >>customers need systems they can drag data from to be used elsewhere.
> >>
> >>Also, I really doubt someone can figure out the intelligence of your app
> >>just by watching the table design. One can watch what is going on when
> >>
> >>
> >data
> >
> >
> >>have been entered or updated but not _how_, and if someone can figure it
> >>out, he will already know how to build a similar app without knowing
your
> >>table design.
> >>
> >>/gustav
> >>
> >>
> >>
> >>
> >>>If I'm reading the help file correctly, encryption does not hide the
> >>>objects, just the data, yes?  I need to hide the design of the back
> >>>end. Password protection is too weak.  I'll be up against
> >>>professionals.
> >>>
> >>>
> >>>Rocky
> >>>
> >>>
> >>>----- Original Message -----
> >>>From: "Gustav Brock" <gustav at cactus.dk>
> >>>To: "Access Developers discussion and problem solving"
> >>><accessd at databaseadvisors.com>
> >>>Sent: Monday, June 21, 2004 9:41 AM
> >>>Subject: Re: [AccessD] Hiding Back End Design
> >>>
> >>>
> >>
> >>
> >>>>Hi Rocky
> >>>>
> >>>>You can encrypt the database. Not bulletproof, of course, but keeps
> >>>>the average user away.
> >>>>
> >>>>/gustav
> >>>>
> >>>>
> >>>>
> >>>>>Is there a way to easily hide the back end design?  My distributor in
> >>>>>
> >>>>>
> >>>Taiwan feels that if the back end design is not hidden then the product
> >>>
> >>>
> >>can
> >>
> >>
> >>>be easily knocked off.
> >>>
> >>>
> >>-- 
> >>_______________________________________________
> >>AccessD mailing list
> >>AccessD at databaseadvisors.com
> >>http://databaseadvisors.com/mailman/listinfo/accessd
> >>Website: http://www.databaseadvisors.com
> >>
> >>
> >>
> >>-- 
> >>_______________________________________________
> >>AccessD mailing list
> >>AccessD at databaseadvisors.com
> >>http://databaseadvisors.com/mailman/listinfo/accessd
> >>Website: http://www.databaseadvisors.com
> >>-- 
> >>_______________________________________________
> >>AccessD mailing list
> >>AccessD at databaseadvisors.com
> >>http://databaseadvisors.com/mailman/listinfo/accessd
> >>Website: http://www.databaseadvisors.com
> >>
> >>
> >
> >
> >
>
> -- 
> Marty Connelly
> Victoria, B.C.
> Canada
>
>
>
> -- 
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com




More information about the AccessD mailing list