[AccessD] Hiding Back End Design

MartyConnelly martyconnelly at shaw.ca
Wed Jun 23 21:25:46 CDT 2004 

My copy is in Edmonton, my brother purloined it for awhile. Give Garry 
an email, I have written him a few times, and he is usually quick on 
answering
just remember he is in Australia. I think your best bet is a program to 
apply  name obfuscation on the final product. I don't know a commercial 
product.
 Even SQL Server and Oracle are crackable by brute force methods if you 
have a physical copy of the database. The reason they are not easily 
cracked is that they are held on a server where other programs like 
windows authentication monitor their access and if more than three tries 
are wrong you can be denied access for a time limit.
 You might want to create your backend in something like CodeBase from 
Sequiter Software. You can get at via ODBC but it might be easier to 
hide field and table names. Even Microsoft and NASA  uses it, but more 
known to C Coders since for pure retrieval speed blows the doors off 
things like MS SQL..


Rocky Smolin - Beach Access Software wrote:

>Marty:
>
>Lassie and Access Project Security Manager work on front end objects.  Don't
>appear to secure the back end.  Do you know if Robinson's book talks about
>securing the back end?
>
>TIA
>
>Rocky
>
>----- Original Message ----- 
>From: "MartyConnelly" <martyconnelly at shaw.ca>
>To: "Access Developers discussion and problem solving"
><accessd at databaseadvisors.com>
>Sent: Tuesday, June 22, 2004 1:06 PM
>Subject: Re: [AccessD] Hiding Back End Design
>
>
>  
>
>>Have you looked at  Garry Robinson's  book yet  "Real World Microsoft
>>Access Database Protection and Security".
>>http://vb123.com/map/
>>
>>A shareware version of a simplified user security add-in - LASsie
>>(Light Application Security) for MS Access - is available for download
>>here:
>>http://www.peterssoftware.com/las.htm
>>
>>Also, there's the Access Project Security Manager from
>>databasecreations, Inc.:
>>http://www.databasecreations.com/prod_apsm.htm
>>
>>
>>Rocky Smolin - Beach Access Software wrote:
>>
>>    
>>
>>>In fact when I was working with this Chinese distributor in the old DOS
>>>      
>>>
>days
>  
>
>>>(I had implemented a hardware key which plugged into the parallel port)
>>>      
>>>
>she
>  
>
>>>told me that they have a saying in China "Locks are for the honest man."
>>>
>>>Rocky
>>>
>>>----- Original Message ----- 
>>>From: <DWUTKA at marlow.com>
>>>To: <accessd at databaseadvisors.com>
>>>Sent: Tuesday, June 22, 2004 8:41 AM
>>>Subject: RE: [AccessD] Hiding Back End Design
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>Couldn't agree more.  When I was in boot camp, one of our drill
>>>>        
>>>>
>sargeants
>  
>
>>>>told us that the lock on our lockers only kept honest people honest.
>>>>        
>>>>
>Very
>  
>
>>>>true statement.
>>>>
>>>>I had a talk with our CFO one day (my bosses boss), and told him that
>>>>        
>>>>
>our
>  
>
>>>>best network security was ignorance.  LOL
>>>>
>>>>Drew
>>>>
>>>>-----Original Message-----
>>>>From: accessd-bounces at databaseadvisors.com
>>>>[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of ACTEBS
>>>>Sent: Monday, June 21, 2004 9:20 PM
>>>>To: 'Access Developers discussion and problem solving'
>>>>Subject: RE: [AccessD] Hiding Back End Design
>>>>
>>>>
>>>>Gustav,
>>>>
>>>>"Personally, I think the time for proprietary systems has passed -
>>>>
>>>>
>>>>        
>>>>
>>>customers
>>>
>>>
>>>      
>>>
>>>>need systems they can drag data from to be used elsewhere."
>>>>
>>>>Never a truer word said.
>>>>
>>>>With the decision by the Munich government to migrate to Linux, France
>>>>looking to do the same and Brazil on the verge, it seems as though the
>>>>        
>>>>
>end
>  
>
>>>>is nigh for the proprietary software/business model.
>>>>
>>>>Hmmm, sorry I went a bit off topic there..... ; )
>>>>
>>>>Rocky - if a cracker wants to crack your software he will. There are
>>>>        
>>>>
>teams
>  
>
>>>>of these people out there who see it as a challenge. Why waste your
>>>>        
>>>>
>time?
>  
>
>>>>Vlad
>>>>
>>>>-----Original Message-----
>>>>From: accessd-bounces at databaseadvisors.com
>>>>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Gustav Brock
>>>>Sent: Tuesday, 22 June 2004 4:02 AM
>>>>To: Access Developers discussion and problem solving
>>>>Subject: Re: [AccessD] Hiding Back End Design
>>>>
>>>>
>>>>Hi Rocky
>>>>
>>>>No, you cannot open or attach tables from the BE without the correct
>>>>password. But as stated from several already, you can google up at least
>>>>three password crackers.
>>>>
>>>>Next step would be Access security as mentioned by Drew, and the next
>>>>
>>>>
>>>>        
>>>>
>>>would
>>>
>>>
>>>      
>>>
>>>>be to apply field encryption which is a major step.
>>>>
>>>>By why not turn it completely around: make the design open and
>>>>        
>>>>
>documented
>  
>
>>>>        
>>>>
>>>as
>>>
>>>
>>>      
>>>
>>>>"this is the way to build a database for an application like this"? Then
>>>>
>>>>
>>>>        
>>>>
>>>you
>>>
>>>
>>>      
>>>
>>>>are the master and everyone else is the replicant - following the
>>>>        
>>>>
>"Rocky"
>  
>
>>>>standard. Personally, I think the time for proprietary systems has
>>>>
>>>>
>>>>        
>>>>
>>>passed -
>>>
>>>
>>>      
>>>
>>>>customers need systems they can drag data from to be used elsewhere.
>>>>
>>>>Also, I really doubt someone can figure out the intelligence of your app
>>>>just by watching the table design. One can watch what is going on when
>>>>
>>>>
>>>>        
>>>>
>>>data
>>>
>>>
>>>      
>>>
>>>>have been entered or updated but not _how_, and if someone can figure it
>>>>out, he will already know how to build a similar app without knowing
>>>>        
>>>>
>your
>  
>
>>>>table design.
>>>>
>>>>/gustav
>>>>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>If I'm reading the help file correctly, encryption does not hide the
>>>>>objects, just the data, yes?  I need to hide the design of the back
>>>>>end. Password protection is too weak.  I'll be up against
>>>>>professionals.
>>>>>
>>>>>
>>>>>Rocky
>>>>>
>>>>>
>>>>>----- Original Message -----
>>>>>From: "Gustav Brock" <gustav at cactus.dk>
>>>>>To: "Access Developers discussion and problem solving"
>>>>><accessd at databaseadvisors.com>
>>>>>Sent: Monday, June 21, 2004 9:41 AM
>>>>>Subject: Re: [AccessD] Hiding Back End Design
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>        
>>>>
>>>>>>Hi Rocky
>>>>>>
>>>>>>You can encrypt the database. Not bulletproof, of course, but keeps
>>>>>>the average user away.
>>>>>>
>>>>>>/gustav
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>Is there a way to easily hide the back end design?  My distributor in
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>Taiwan feels that if the back end design is not hidden then the product
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>can
>>>>
>>>>
>>>>        
>>>>
>>>>>be easily knocked off.
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>-- 
>>>>_______________________________________________
>>>>AccessD mailing list
>>>>AccessD at databaseadvisors.com
>>>>http://databaseadvisors.com/mailman/listinfo/accessd
>>>>Website: http://www.databaseadvisors.com
>>>>
>>>>
>>>>
>>>>-- 
>>>>_______________________________________________
>>>>AccessD mailing list
>>>>AccessD at databaseadvisors.com
>>>>http://databaseadvisors.com/mailman/listinfo/accessd
>>>>Website: http://www.databaseadvisors.com
>>>>-- 
>>>>_______________________________________________
>>>>AccessD mailing list
>>>>AccessD at databaseadvisors.com
>>>>http://databaseadvisors.com/mailman/listinfo/accessd
>>>>Website: http://www.databaseadvisors.com
>>>>
>>>>
>>>>        
>>>>
>>>
>>>      
>>>
>>-- 
>>Marty Connelly
>>Victoria, B.C.
>>Canada
>>
>>
>>
>>-- 
>>_______________________________________________
>>AccessD mailing list
>>AccessD at databaseadvisors.com
>>http://databaseadvisors.com/mailman/listinfo/accessd
>>Website: http://www.databaseadvisors.com
>>    
>>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada

More information about the AccessD mailing list