jwcolby
jwcolby at colbyconsulting.com
Sun May 22 21:36:57 CDT 2011
As it happens the BE is probably the most secure of the lot (at least in terms of unauthorized users) for the simple reason that it comes in to my server over a Hamachi VPN. The user has to have Hamachi installed on their machine and have to be joined to the Hamachi network specific to that application. I have to invite the user to join the network and after they apply I have to authorize their joining the network. So yes, "the bad guy" can get at the data tables directly on the machine that I have authorized on the network, but if they move it (a linked FE) to another machine they cannot get in. All for naught if I cannot get the bypass key disabled, assuming that "the bad guy" knows about the bypass key. I still haven't figured out why the bypass key works even when I have a "DisableBypassKey" property set to false on the application - and on my libraries as well for that matter. I have also password protected the code modules, though as we all know these passwords are easily cracked by those of us with knowledge. I will eventually investigate whether I can programmatically compile MDB/A files to MDB, IOW copy to the destination then turn them into an MDE, all from an outside Access application like my C2DbProperties. Every little roadblock makes it that much more difficult to go where they should not go. John W. Colby www.ColbyConsulting.com On 5/22/2011 9:18 AM, Rocky Smolin wrote: > IME, the back end is more important than the front end. How are you > securing that? > > Are you distributing an mde? > > R > > > -----Original Message----- > From: accessd-bounces at databaseadvisors.com > [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby > Sent: Saturday, May 21, 2011 10:23 PM > To: Access Developers discussion and problem solving > Subject: Re: [AccessD] Access Lockdown > > For the first time I am setting up a database which will be used by unknown > users. I am trying hard to keep prying eyes out. > > John W. Colby > www.ColbyConsulting.com > > On 5/22/2011 1:18 AM, Rocky Smolin wrote: >> As an aside - why do you need this level of security? >> >> R >> >> >> -----Original Message----- >> From: accessd-bounces at databaseadvisors.com >> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby >> Sent: Saturday, May 21, 2011 9:52 PM >> To: Access Developers discussion and problem solving >> Subject: Re: [AccessD] Access Lockdown >> >> Well, I have locked it down as tight as possible using these methods. >> I added a field to my application for the destination directory, then >> a button to do the copy, then set these properties false. I hid every >> single table, query, form etc. and added code to the application that >> cleared the "show hidden objects" when my init code runs. >> >> No passwords but otherwise reasonably tight. With no menus you can't >> get at any of the means of resetting these properties so you pretty >> much have to use an application like my C2DbProperties to reset them >> from outside of the database. >> >> I am accustomed to seeing everything in design view so after my Copy >> and Lockdown it is a bit disconcerting to open the database files and >> see absolutely nothing, and yet the app runs. Kinda cool actually. >> >> So now I can open my C2DbProperties, click the Copy&Lockdown button >> for the two library files and the application file and I have >> reasonably tight physical security on the distributed app. >> >> John W. Colby >> www.ColbyConsulting.com >> >> On 5/21/2011 9:31 AM, Rocky Smolin wrote: >>> John: >>> >>> I use this in my app and trigger it when the program is an mde: >>> >>> ChangeProperty "StartupForm", dbText, TheOpeningForm >>> ChangeProperty "StartupShowDBWindow", dbBoolean, False >>> ChangeProperty "StartupShowStatusBar", dbBoolean, False >>> ChangeProperty "AllowBuiltInToolbars", dbBoolean, False >>> ChangeProperty "AllowFullMenus", dbBoolean, False >>> ChangeProperty "AllowBreakIntoCode", dbBoolean, False >>> ChangeProperty "AllowSpecialKeys", dbBoolean, False >>> ChangeProperty "AllowBypassKey", dbBoolean, False >>> ChangeProperty "MenuBar", dbBoolean, False >>> >>> Function ChangeProperty(strPropName As String, varPropType As >>> Variant, varPropValue As Variant) As Integer >>> Dim dbs As Object, prp As Variant >>> Const conPropNotFoundError = 3270 >>> >>> Set dbs = CurrentDb >>> On Error GoTo Change_Err >>> dbs.Properties(strPropName) = varPropValue >>> ChangeProperty = True >>> >>> Change_Bye: >>> Exit Function >>> >>> Change_Err: >>> If Err = conPropNotFoundError Then ' Property not found. >>> Set prp = dbs.CreateProperty(strPropName, _ >>> varPropType, varPropValue) >>> dbs.Properties.Append prp >>> Resume Next >>> Else >>> ' Unknown error. >>> ChangeProperty = False >>> Resume Change_Bye >>> End If >>> End Function >>> >>> I also use this to stop them from navigating around in the app other >>> than through my own menus: >>> >>> ' If mde then turn off windows in taskbar and menu bar Set db = >>> CurrentDb If InStr(1, db.Name, "mde")<> 0 Then >>> Me.MenuBar = "=1" >>> Access.Application.SetOption "ShowWindowsInTaskbar", False >>> On Error GoTo Err_Form_Open >>> End If >>> >>> Not a utility you could run from outside the db but I think you could >>> easily write one with this code that would set the properties of of a >>> db you selectr from the standard file open dialog box. >>> >>> HTH >>> >>> Rocky >>> >>> >>> -----Original Message----- >>> From: accessd-bounces at databaseadvisors.com >>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby >>> Sent: Saturday, May 21, 2011 5:42 AM >>> To: Access Developers discussion and problem solving >>> Subject: [AccessD] Access Lockdown >>> >>> I want to lock down an application as I copy it from my dev directory >>> to a "live" directory. I want to set the "display system objects and >>> "display hidden objects" properties in Options as well as Startup >>> "Allow full menus", Use Special Keys" etc. >>> >>> Has anyone got a utility that sets these properties? >>> >>> -- >>> John W. Colby >>> www.ColbyConsulting.com >>> -- >>> AccessD mailing list >>> AccessD at databaseadvisors.com >>> http://databaseadvisors.com/mailman/listinfo/accessd >>> Website: http://www.databaseadvisors.com >>> >> -- >> AccessD mailing list >> AccessD at databaseadvisors.com >> http://databaseadvisors.com/mailman/listinfo/accessd >> Website: http://www.databaseadvisors.com >> > -- > AccessD mailing list > AccessD at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/accessd > Website: http://www.databaseadvisors.com >