[AccessD] A2K2: Basic Roll-Your-Own Security

Wortz, Charles CWortz at tea.state.tx.us
Thu Jul 24 13:29:01 CDT 2003 

Mark,

Making an .mde protects your code and prevents others from making design
changes to your app.  It does not provide any other security than that.
The next step up in security is using Access User-Level Security.  This
will stop almost all that are not willing to buy one of the password
crackers available on the internet.  If that is not enough security for
you, then you will need to convert your app to something that does have
industrial-strength security such as SQLServer.

Charles Wortz
Software Development Division
Texas Education Agency
1701 N. Congress Ave
Austin, TX 78701-1494
512-463-9493
CWortz at tea.state.tx.us



-----Original Message-----
From: Mitsules, Mark [mailto:Mark.Mitsules at ngc.com] 
Sent: Thursday 2003 Jul 24 13:09
To: '[AccessD]'
Subject: [AccessD] A2K2: Basic Roll-Your-Own Security

Group,

Until now, I have had no compelling reason to implement (read "learn
about") any level of security.  Stopping short of Access security, what
are some of the approaches people have used to limit access to objects,
data, and/or code?  For instance, I've experimented with using API calls
to get the UserName and comparing that against a hidden uSys table of
"authorized users", and it works...but how can I go about preventing a
knowledgeable user from locating the remote database (by reading the
code) and editing the remote table directly?  I'm guessing that it will
have something to do with developing an .mde...?  I'd welcome any input.


Mark

More information about the AccessD mailing list