[AccessD] Code Library, Sample Database, Etc.

Drew Wutka DWUTKA at Marlow.com
Wed Feb 21 01:03:34 CST 2007 

Nothing technical about it.  I've been around 'ignorant' security, the
type where there's a nice brick wall in place, which has the thickness
of a very thin sheet of paper, and the only reason users aren't messing
with things is because they are ignorant.

There are rare cases where this is ok, but a system that stores business
data needs to be protected on a principle level.  For example, I have
built a LOT of little data dbs, receiving data from test machines.  I
set every single one up so that data can be entered, but not modified.
I get questioned on this, and my answer is simple.  There isn't a test
machine in the world that needs it's data changed.  That's the entire
purpose of the test.

Now, while you may not care if labbie X decides to tweak the data, I
rest soundly in the knowledge that unless he IS a hacker, when the sh*t
hits the fan over falsified data, my design is not in question.

I think it just boils down to integrity. If I'm trusted to create a
database to store data, my integrity is in the end result preventing
someone from changing it, other then someone authorized to do so...and
then it's their butt.

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of William
Hindman
Sent: Tuesday, February 20, 2007 10:57 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Code Library, Sample Database, Etc.

...busted send ...anyway, while technically true, my users never have
Access 
installed and there are no Wutka's among them ...I'm just not going to
wet 
my pants over the possibility that one of them could use excel or word
vba 
to get to the tables ...they all know I'd colbyize them :)

William Hindman

----- Original Message ----- 
From: "Drew Wutka" <DWUTKA at marlow.com>
To: "Access Developers discussion and problem solving" 
<accessd at databaseadvisors.com>
Sent: Tuesday, February 20, 2007 8:03 PM
Subject: Re: [AccessD] Code Library, Sample Database, Etc.


> Yep..... even in a runtime environment.  An .mde only protects the
> forms/reports/code.  The tables (and querries and the data within) are
> still accessible through ANYTHING that can connect to an Access .mdb.
> (Access itself, Excel, word, VBScript, heck, anything that can use ADO
> or DAO.).
>
> The only thing that protects an Access table (whether it's an .mdb, or
> .mde) is Access User Level Security.
>
> Don't believe me?  Just open an .mdb, and go link a table, find an
.mde
> to link to, and you'll see ALL of your tables right there....
>
> Drew
>

More information about the AccessD mailing list