[AccessD] Code Library, Sample Database, Etc.

Eric Barro ebarro at verizon.net
Tue Feb 20 23:35:35 CST 2007


Eh? Do you work for Microsoft? This sounds exactly like their security
philosophy -- security by anonymity...

 ;) 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William Hindman
Sent: Tuesday, February 20, 2007 8:57 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Code Library, Sample Database, Etc.

...busted send ...anyway, while technically true, my users never have Access
installed and there are no Wutka's among them ...I'm just not going to wet
my pants over the possibility that one of them could use excel or word vba
to get to the tables ...they all know I'd colbyize them :)

William Hindman

----- Original Message -----
From: "Drew Wutka" <DWUTKA at marlow.com>
To: "Access Developers discussion and problem solving" 
<accessd at databaseadvisors.com>
Sent: Tuesday, February 20, 2007 8:03 PM
Subject: Re: [AccessD] Code Library, Sample Database, Etc.


> Yep..... even in a runtime environment.  An .mde only protects the
> forms/reports/code.  The tables (and querries and the data within) are
> still accessible through ANYTHING that can connect to an Access .mdb.
> (Access itself, Excel, word, VBScript, heck, anything that can use ADO
> or DAO.).
>
> The only thing that protects an Access table (whether it's an .mdb, or
> .mde) is Access User Level Security.
>
> Don't believe me?  Just open an .mdb, and go link a table, find an .mde
> to link to, and you'll see ALL of your tables right there....
>
> Drew
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William
> Hindman
> Sent: Tuesday, February 20, 2007 6:43 PM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>
> ...not in a runtime environment :)
>
> William Hindman
>
> ----- Original Message ----- 
> From: "Drew Wutka" <DWUTKA at marlow.com>
> To: "Access Developers discussion and problem solving"
> <accessd at databaseadvisors.com>
> Sent: Tuesday, February 20, 2007 6:35 PM
> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>
>
>> If you aren't using User Level security, what's the point in any
>> 'security' within the db anyhow?
>>
>> Let's say you have a form that only Mr. X should be able to use.  This
>> form edits tblXYZ.  Sure, from the .mde interface only Mr. X would get
>> the form, if you design it that way.  But any Joe Schmoe can link to
> ALL
>> the tables in the .mde, and do whatever they want to the data.....
>>
>> Drew
>>
>> -----Original Message-----
>> From: accessd-bounces at databaseadvisors.com
>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William
>> Hindman
>> Sent: Tuesday, February 20, 2007 5:25 PM
>> To: Access Developers discussion and problem solving
>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>
>> ...I'm left dazed by your disparagement of XP security! :)
>>
>> ...pray tell why in a 12 user office where no personal information is
>> available in the app, the xp user logon should not be sufficient to
>> determine access rights to forms needing restricted access based upon
>> user
>> roles?
>>
>> William Hindman ...apparently a paranoid programmer ...who knew? :)
>>
>> ----- Original Message ----- 
>> From: "Charlotte Foust" <cfoust at infostatsystems.com>
>> To: "Access Developers discussion and problem solving"
>> <accessd at databaseadvisors.com>
>> Sent: Tuesday, February 20, 2007 6:09 PM
>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>
>>
>>> The primary role of user security IMO has been to allow you to limit
>>> ordinary users to working with the interface.  It has never been
>> robust
>>> enough to keep out knowledgeable tamperers.  However, I do NOT want
>> Joe
>>> User going in and mucking about with the interface or code I built
>> just
>>> because he now has full permissions to do so.  I have never been
>> wiling
>>> to roll my own security system for Access because I object to
>>> reinventing the wheel, even if the wheel is a bit crooked and flat on
>>> one side.  XP security in small business environments??  You MUST be
>>> joking!  I've never seen a small business environment with any
>> security
>>> that hadn't been added on by a paranoid programmer or systems guy!
> ;o>
>>>
>>> Charlotte
>>>
>>> -----Original Message-----
>>> From: accessd-bounces at databaseadvisors.com
>>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William
>>> Hindman
>>> Sent: Tuesday, February 20, 2007 1:54 PM
>>> To: Access Developers discussion and problem solving
>>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>>
>>> ...again Charlotte, that is heavily dependent upon the environment in
>>> which you work ...Access based user security has been a farce since
>> '95
>>> ...you cannot build an Access mdb to which I cannot gain access with
>>> readily available tools, both free and inexpensive ...so you build
>> your
>>> own, a number of which are discussed in our archives, or you depend
> on
>>> XP security in small business environments ...so the decision by the
>>> Access development team to remove it from A'07 really has no bearing
>> on
>>> its continued use in those environments.
>>>
>>> William Hindman
>>>
>>> ----- Original Message -----
>>> From: "Charlotte Foust" <cfoust at infostatsystems.com>
>>> To: "Access Developers discussion and problem solving"
>>> <accessd at databaseadvisors.com>
>>> Sent: Tuesday, February 20, 2007 4:02 PM
>>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>>
>>>
>>>>I don't think anyone is casting aspersions, William.  But the simple
>>>> truth is that without user security in Access mdbs, they become less
>>>> than useful for multiuser solutions.  That doesn't depend on object
>>>> model, it depends on having a mechanism for controlling who gets
> into
>>>> the application and keeping track of who's there.  Without that
>>>> capability, Access 2007 becomes a desktop database for power users
> or
>>> a
>>>> RAD frontend for SQL Server.
>>>>
>>>> Charlotte Foust
>>>>
>>>> -----Original Message-----
>>>> From: accessd-bounces at databaseadvisors.com
>>>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William
>>>> Hindman
>>>> Sent: Tuesday, February 20, 2007 11:24 AM
>>>> To: Access Developers discussion and problem solving
>>>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>>>
>>>> Arthur
>>>>
>>>> ...its not a matter of agreeing or disagreeing ...if you work in an
>>>> environment where SS is available and the notwork resources are
>>>> available to support it, of course you would use SS in most
>>>> applications.
>>>>
>>>> ...but if you are a consultant working with many small businesses
>>> where
>>>> you are it, then a well designed dao mdb fe/be can be highly stable
>>> and
>>>> work every bit as well as an adp/SS combo ...in point of fact with
> up
>>> to
>>>> at least
>>>> 15 users a well designed dao based mdb will normally out perform an
>>> ado
>>>> based fe.
>>>>
>>>> ...and with A'07 it appears that MS itself is moving back to the dao
>>>> model ...what irks me is people declaring that their favorite model
>> is
>>>> best for everyone ...or casting unwarranted aspersions on Access
> be's
>>>> and dao when they really don't work in an environment where that
>> model
>>>> functions best.
>>>>
>>>> William Hindman
>>>>
>>>> ----- Original Message -----
>>>> From: <artful at rogers.com>
>>>> To: "Access Developers discussion and problem solving"
>>>> <accessd at databaseadvisors.com>
>>>> Sent: Tuesday, February 20, 2007 1:41 PM
>>>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>>>
>>>>
>>>>> While I agree with you, I also fear that you will be flamed from
>>>> numerous
>>>>> devotees to the MDB BE concept. I have my flame extinguisher ready
>> in
>>>> case
>>>>> you need it.
>>>>>
>>>>>
>>>>> Arthur Fuller
>>>>> Technical Writer, Data Modeler, SQL Sensei
>>>>> Artful Databases Organization
>>>>> www.artfulsoftware.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message ----
>>>>> From: Robert L. Stewart <rl_stewart at highstream.net>
>>>>> To: accessd at databaseadvisors.com
>>>>> Cc: BarbaraRyan at cox.net
>>>>> Sent: Tuesday, February 20, 2007 1:09:06 PM
>>>>> Subject: Re: [AccessD] Code Library, Sample Database, Etc.
>>>>>
>>>>>
>>>>> Barb,
>>>>>
>>>>> I think the only way to completely "tie it all together"
>>>>> is to use SQL Server and an ADP.  Behind the forms and such
>>>>> it s completely ADO.  MDEs are not if you use a bound form.
>>>>>
>>>>> Robert
>>>>>
>>>>> P.S.  Besides, I would never use Access for the database any way.
>>>>> SQL Server is much better at storing it and being stable.
>>>>> -- 
>>>>> AccessD mailing list
>>>>> AccessD at databaseadvisors.com
>>>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>>>> Website: http://www.databaseadvisors.com
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> AccessD mailing list
>>>> AccessD at databaseadvisors.com
>>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>>> Website: http://www.databaseadvisors.com
>>>> -- 
>>>> AccessD mailing list
>>>> AccessD at databaseadvisors.com
>>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>>> Website: http://www.databaseadvisors.com
>>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> AccessD mailing list
>>> AccessD at databaseadvisors.com
>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>> Website: http://www.databaseadvisors.com
>>> -- 
>>> AccessD mailing list
>>> AccessD at databaseadvisors.com
>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>> Website: http://www.databaseadvisors.com
>>>
>>
>>
>>
>>
>> -- 
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
>> -- 
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
>>
>
>
>
>
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 




-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.441 / Virus Database: 268.18.3/694 - Release Date: 2/20/2007
1:44 PM
 




More information about the AccessD mailing list