TechRepublic|Forums|Web Development

Web Development

General discussion

  • Creator
    Topic
  • December 11, 2001 at 12:39 am #2131181

    How to make MS Access Jet really secure

    Locked

    by wml · about 20 years, 5 months ago

    I have an secured Access database which uses Jets username and password security. Don’t want to use a database password.
    However I don’t want every database to use the same system.mdw, so have to let users open from a shortcut with a command line option “/workgroup” to specify the location.
    Anyone can bypass this by opening the database directly, bypassing all security.
    Is there a good (or any) way to make it secure programatically or otherwise? If not then it seems that using Jet is a waste of time

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • December 11, 2001 at 3:17 am #3567376

      How to make MS Access Jet really secure

      by sl-campbell · about 20 years, 5 months ago

      In reply to How to make MS Access Jet really secure

      Yes, you can make it secure.
      What you need to do is:
      1). Change ownership of all objects
      2). Remove the permissions of the Admin user and Users group, which includes all users in a workgroup. Until you remove those permissions, users can get permissions that you didn’t intend for objects. Once permissions have been removed, users have only the permissions that you assign, even if they use a different system database(mdw).

      3). Never give users a copy of the system database that defines theworkgroup you used to create the MDB. If a user is able to log on as a member of the Admins group in the workgroup, the user can get full permissions for the database and objects created in the workgroup.

      • December 11, 2001 at 7:38 pm #3568449

        How to make MS Access Jet really secure

        by sl-campbell · about 20 years, 5 months ago

        In reply to How to make MS Access Jet really secure

        >
        I just want to try and make this alittle more clear by giving another one of my long-winded explainations:

        Information about a workgroup is stored in the system database(mdw or mda) However, the actual permissions and information about the ownership are store in the application database(mdb).
        An administrators account is a member of the Admins group. An owner account is a user or group that you make to have ownership over a MDB and ist objects. . These accounts can ALWAYS get permissionsfor all objects created in the workgroup.
        Because the Admin. account is the same for every copy of Access, it is important to set up your OWN administrator and owner accounts IN PLACE of the Admin account. Otherwise, anyone with a copy of Access can log on as using the Admin acct. and get full permissions.
        The users should get a copy of a workgroup that does NOT include the Owner account.
        Once you have set up your own administrator and owner accts., remove the permissions from the default administartor account.
        Make the only accounts that have full permissions, and which belong to the Admin group, your own administrator and owner accounts and give them unique names. Then, as I said, remove all permissions from the default administrator acount.
        Therefore, if the actual permissions are stored in the MDB and not the Mdw, and the default administrator account doesn’t have the permissions assign, then if someone changes the workgroup or uses the MDB on another PC with Access, wherethe default Admin. acct. is there again, and when logging on as admin. and the workgroup “ask” the MDB for the admin. permissions, the MDB will STILL respond that the default admin. has no permissions and is not the owner!

      • December 11, 2001 at 7:40 pm #3568447

        How to make MS Access Jet really secure

        by sl-campbell · about 20 years, 5 months ago

        In reply to How to make MS Access Jet really secure

        If you are starting from scratch it is best to log on with your own admin. and owner accounts, BEFORE creating any objects. For an existing MDB, it is best to create a new MDB, logging on with your own accounts, and then importing all the objects.This will make sure that the ownership of each object gets changed from the default admin. to your own new account.

        Additional security can be achieved by encrypting the MDB, even though this may slow things down a bit.

      • December 11, 2001 at 11:59 pm #3568414

        How to make MS Access Jet really secure

        by wml · about 20 years, 5 months ago

        In reply to How to make MS Access Jet really secure

        Thanks – that should do the trick. I’d forgotten about the effect of default Users and Admin groups; this will be much simpler than what I was anticipating!

    • December 11, 2001 at 11:59 pm #3568413

      How to make MS Access Jet really secure

      by wml · about 20 years, 5 months ago

      In reply to How to make MS Access Jet really secure

      This question was closed by the author

    • March 17, 2013 at 4:45 am #2902449

      I could send you an MSAccess database that would show you how I do it

      by mccer · about 9 years, 2 months ago

      In reply to How to make MS Access Jet really secure

      I could send you an MSAccess database that would show you how I do it but I cannot see any way of sending it.
      Please let me know if anyone can solve the problem of emailing a solution

  • Author
    Replies
Viewing 2 reply threads