[AccessD] Transactions

Drew Wutka DWUTKA at Marlow.com
Thu Sep 6 16:18:04 CDT 2007


One of the many reasons I use .asp and VB front ends, no direct .mdb
access.

IMHO, though, data integrity done only through the GUI is to easy to get
around.  F11 or Window --> unhide will always let someone at the
database window.  So if a user shouldn't be able to change data in a
table, that table should be secured at the table level, not the form.
(Not too mention, securing it at the table level once, makes EVERY form
created have the same limitations, since the forms are going through the
table. (And queries....)

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Steve Schapel
Sent: Thursday, September 06, 2007 3:41 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Transactions

Thanks, Drew.  Well, I guess it depends on what sort of users you are 
dealing with.  At the risk of re-hashing a discussion that has probably 
been done before, I think there is a distinction between functionality 
in the application when it is being used in the intended way, and 
deliberate unauthiorised attempts to circumvent the intended 
functionality.  In terms of the original question asked by Arthur, where

he wants the users to be able to add new records but not delete or edit 
existing records, I can open a form in design view, set the Allow 
Deletions and Allow Edits properties to No, and close and save the form,

in less than 10 seconds.  My time is valuable, so this is an important 
factor.  If that form is the only way (apart from unauthorised hacking) 
for the data to be accessed, then that would be perfectly adequate in 
the case of all the clients who I have ever worked for.

Regards
Steve


Drew Wutka wrote:
> Show me a way to truly prevent it.  It's there whether you like it or
> not.  Disable the Access Keys such as F11, and you just have to go
> through the Window Menu.  Even hiding the Access Window itself doesn't
> guarantee a curious user can't get to the database window.  Heck, the
> code to unhide every Access window on your machine is just a few
lines.
> 
> User level security isn't hack proof (nothing is), but it is a lot
> stronger then 'hiding' the database window.
> 
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
The information contained in this transmission is intended only for the person or entity to which it is addressed and may contain II-VI Proprietary and/or II-VI BusinessSensitve material. If you are not the intended recipient, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. You are notified that any review, retransmission, copying, disclosure, dissemination, or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.





More information about the AccessD mailing list