[AccessD] Access security

Doug Steele dbdoug at gmail.com
Tue Dec 22 09:13:57 CST 2009 

It was just the usual Access Tools/Security/Set Database Password type of
password.  He cracked it as soon as he discovered the db was protected.  He
was presumably cruising the server hard drives for interesting material.  We
had a couple of very bright but incorrigibly nosy engineers working there.
It was a small engineering subsidiary of a large mining company; the
engineers were the reason for our existence, so there was no question of any
disciplinary action.

Doug

On Tue, Dec 22, 2009 at 6:54 AM, Max Wanadoo <max.wanadoo at gmail.com> wrote:

> Doug, that is interesting.
>
> Was the BE password stored in code or in a shortcut etc or is it typed in
> by
> each user when first opening it?
>
> If the first, then he must have taken steps to deliberately uncover the
> pwd.
> If the later, then  there may be a keylogger on somebody's PC.
>
>
> Max
>
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Doug Steele
> Sent: 22 December 2009 14:47
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] Access security
>
> The only time I've had a need for real data security - a payroll database -
> we decided that the easiest method was to use the existing network
> security.  It was truly secure and easily modifiable as needed by the
> network administrator on site.  So I just made two BE databases for the FE;
> the confidential BE was on a drive only accessible by payroll personnel,
> the
> 'open' BE on a publicly accessible disk share.  The FE to confidential BE
> linking code would just exit gracefully if it failed.
>
> We password protected the open BE as well, just to keep out the curious,
> but
> a couple of weeks after implementing this I had a conversation with one of
> the (electrical) engineers there.  He told me the password and asked why
> we'd bothered!
>
> Doug
>
>
> On Tue, Dec 22, 2009 at 6:19 AM, Susan Harkins <ssharkins at gmail.com>
> wrote:
>
> > A reader has asked about Access workgroups security and I told him the
> > truth -- won't keep out the determined, but a good security setup
> > nonetheless. Now he wants to know what is. I should've heard that
> coming...
> >
> > I'd like to hear thoughts on Access security and alternatives -- strictly
> > opinion and war stories, you don't have to tell me how to use it! ;)
> >
> > Susan H.
> >
> > --
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>

More information about the AccessD mailing list