[AccessD] Access Lockdown

jwcolby jwcolby at colbyconsulting.com
Sun May 22 22:40:11 CDT 2011


 > If someone is smart enough to bypass much of the FE security wouldn't they be smart enough to
 > make an mdb with the ODBC connection?

If they are directly on the machine with the FE, they have access to the network and thus to the SQL 
Server data.  All they have to be smart enough to do is copy the tables into an unsecured Access 
container.

OTOH if they "walk away" with the FE and try to access the data on the server, they cannot do so 
because they have to be a member of the Hamachi network for that application which they will not be.

 > But, backing up a bit, I usually build in the level of security required by the user.  The first
 > question I ask my clients is will the users follow the rules?  IOW, if they have a read only
 > password will they accept that and not try to find a way to change the data?

Asking the client and asking the user are two different questions to two (or many) different people.

I was walking through a client's office one day and saw a user in the FE in design view trying to 
modify a (linked) table.  I asked her what she was doing.  She had been sent to an Access class, and 
had "decided" that she needed a couple of fields in an existing table so there she was trying to add 
them.  In a linked table!  In a FE which was downloaded to her machine every day.  Just goes to show 
many things.

1) The client said users would not do such a thing.
2) The user was busy trying to do just such a thing.
3) The user was so uneducated that she was trying to modify a linked table on a FE downloaded fresh 
to her machine daily.
4) She was still trying to do something that the "client" said was not going to happen.

The developer's job is to idiot proof the application.  The universe's job is to build better 
idiots.  Which has the most experience?

Luckily these are not medical applications or the like but still, the machines will exist "out on 
the internet somewhere".  It is appropriate to tighten them up as much as possible.

 > What is the environment in which your app is being deployed?

All of these applications are on user machines wherever the machine may reside.  They access data on a 
SQL server in my office, via a Hamachi VPN HUB AND SPOKE network specific to each application.

IOW "environment unknown".

John W. Colby
www.ColbyConsulting.com

On 5/22/2011 11:15 PM, Rocky Smolin wrote:
> If someone is smart enough to bypass much of the FE security wouldn't they
> be smart enough to make an mdb with the ODBC connection?
>
> But, backing up a bit, I usually build in the level of security required by
> the user.  The first question I ask my clients is will the users follow the
> rules?  IOW, if they have a read only password will they accept that and not
> try to find a way to change the data?
>
> Or in their environment do they need to protect the data from mischief or
> deliberate alteration of the data outside of the mandated procedures?
>
> What is the environment in which your app is being deployed?
>
>
> R
