[AccessD] POLL: Access Security

Drew Wutka DWUTKA at marlow.com
Thu Nov 13 12:45:19 CST 2003


Another clarification on my 1 position.  That is for Access 97.  I must
admit to have only built one 2000 db with Access User Level security.  But
97 I can do in my sleep.

Drew

-----Original Message-----
From: John W. Colby [mailto:jcolby at colbyconsulting.com]
Sent: Wednesday, November 12, 2003 8:03 PM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] POLL: Access Security


>M$'s main DB security is lack of supplied information.

ROTFL.

And I intentionally called mine Light Weight Security precisely to avoid any
expectations that it would lock down a database against someone like
yourself.

I have discovered that:

There are hackers out there that can take down Fort Knox.  If you are
worried about them Access is not your tool.
99.9% of the day to day damage is done by innocent users doing things they
shouldn't be allowed to do.
99.9% of that damage is easily prevented using something waaaaaaay less
obtuse than Access security.

Funny but true story.  I had a user who had apparently taken a class
somewhere.  She told me one day that she had attempted to make a change to
one of my tables but that she couldn't make the change stick.  She was
attempting to MODIFY a field in a LINKED table.  She did not even understand
what a linked table was, nor where the real data was.

It never occurred to me that a user would even attempt to modify a table of
a database that was company property and over which she had no design
authority.  She was just a user!

No harm was done of course, but I had to have a heart to heart with her as
to what her job was.

And of course, if the company allows it (and this one doesn't) simply
setting the database properties would keep such inexpert busy fingers out of
the pie.

John W. Colby
www.colbyconsulting.com

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Jim Lawrence
(AccessD)
Sent: Wednesday, November 12, 2003 8:40 PM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] POLL: Access Security


Hi John:

Odd questions but I would rate myself as a 4, the other stuff I have samples
on but would have to dig for the answers. The ultimate security is simply to
go to any SQL server, as far as I am concerned. MDB security is too fragile
and hackable. A couple of years back I had to hack a few, think it was two
or three, MDBs that were supposedly secure, so the client could work on the
tables after the initial programmers had disappeared. Cracked them all...and
I would not consider myself a whiz at that stuff, it was just that MS MDB
security is a little weak.

M$'s main DB security is lack of supplied information.

My two cents worth
Jim

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of John W. Colby
Sent: Wednesday, November 12, 2003 5:00 PM
To: AccessD
Subject: [AccessD] POLL: Access Security


I'd like to take a poll regarding your knowledge of Access' built-in
security. By security I do NOT mean the database properties, rather using
workgroups / users to secure forms, tables, queries etc.

Anyone interested in participating please choose one of the following:

1) I am an Access security guru.  I can quickly and easily lock a database
down so tight I can't even get back in.  No help / books needed.
2) I am fluent with Access security.  I can get the job done but it
definitely takes a few hours.  I probably won't need the help / books.
3) I have done Access Security on at least one real paying project.  I would
need help / books to do it again.
4) I have heard about Access Security, read about it, managed to shoot a toe
off, maybe played around with it, but I am confident I could get the job
done.  Books / help definitly needed.
5) Access has built in security?  What is this and where would I go to learn
it?  Why haven't I ever seen these books / help?

If you would please just select a number and reply I would appreciate it.

As for myself, I must admit I rate a solid 4.  No client has ever been
willing to pay for it and I have always had other things to learn / do so I
just never did it (for real).

John W. Colby
www.colbyconsulting.com


_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com


More information about the AccessD mailing list