[AccessD] Access security question

Josh McFarlane darsant at gmail.com
Mon Jun 6 17:23:01 CDT 2005 

On 6/6/05, Jim Dettman <jimdettman at earthlink.net> wrote:
> Steve,
> 
> <<Or is it even possible for the application to handle Access security
> like this. That is, can Access security work without a user explicitly
> typing in a password?>>
> 
>   Yes it can.  Access security is always "on", it's just that you don't get
> a password prompt if the admin user has a blank password (JET always
> attempts a logon with username admin and a blank password when it first
> tries to open a database).
> 
> <<Lets
> say that the tables in the BE have Access security invoked. If the
> FE/BE is distributed in MDE format with Access Runtime, can a user
> with a full-bore package of Access start the application, break out of
> it, and wind up with all the tables available to him for editing, etc?
> This is provided that the security is administered by the software so
> that the actual security password is not known by the user. Only user
> names and application passwords would be known.>>
> 
>   Without Access user level security in place on the BE tables, yes.  To
> prevent that, they need to be properly secured with user level security and
> all the queries will need RWO (Run with owner permissions) set or you need
> to open a workspace object with the correct username/password in code.
> 
> Jim.
Here's another access security question:

In terms of front-end security, can a front-end truly be locked down
to force a user to remain in the GUI and abide by it's code?

Coding in C++ with an interface to an Access backend allows you to
allow the user to only work in the program your way, without tinkering
with the tables (you can always password protect the Access database
then encode the password into the program itself).

However, in also using Access as a front end, it seems to me that a
user could still break out the loop and use whatever queries had write
access to manually go in and mess around with things, sometimes
allowing a bypass of a transaction log.

Can Access be locked down so someone who knows a thing or two about
Access can't modify data directly?

Thanks,
Josh McFarlane

"Peace cannot be kept by force. It can only be achieved by understanding."
-Albert Einstein

More information about the AccessD mailing list