General discussion

Locked

How to make MS Access Jet really secure

By wml ·
I have an secured Access database which uses Jets username and password security. Don't want to use a database password.
However I don't want every database to use the same system.mdw, so have to let users open from a shortcut with a command line option "/workgroup" to specify the location.
Anyone can bypass this by opening the database directly, bypassing all security.
Is there a good (or any) way to make it secure programatically or otherwise? If not then it seems that using Jet is a waste of time

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

How to make MS Access Jet really secure

by sl-campbell In reply to How to make MS Access Jet ...

Yes, you can make it secure.
What you need to do is:
1). Change ownership of all objects
2). Remove the permissions of the Admin user and Users group, which includes all users in a workgroup. Until you remove those permissions, users can get permissions that you didn't intend for objects. Once permissions have been removed, users have only the permissions that you assign, even if they use a different system database(mdw).

3). Never give users a copy of the system database that defines theworkgroup you used to create the MDB. If a user is able to log on as a member of the Admins group in the workgroup, the user can get full permissions for the database and objects created in the workgroup.

Collapse -

How to make MS Access Jet really secure

by sl-campbell In reply to How to make MS Access Jet ...

>
I just want to try and make this alittle more clear by giving another one of my long-winded explainations:

Information about a workgroup is stored in the system database(mdw or mda) However, the actual permissions and information about the ownership are store in the application database(mdb).
An administrators account is a member of the Admins group. An owner account is a user or group that you make to have ownership over a MDB and ist objects. . These accounts can ALWAYS get permissionsfor all objects created in the workgroup.
Because the Admin. account is the same for every copy of Access, it is important to set up your OWN administrator and owner accounts IN PLACE of the Admin account. Otherwise, anyone with a copy of Access can log on as using the Admin acct. and get full permissions.
The users should get a copy of a workgroup that does NOT include the Owner account.
Once you have set up your own administrator and owner accts., remove the permissions from the default administartor account.
Make the only accounts that have full permissions, and which belong to the Admin group, your own administrator and owner accounts and give them unique names. Then, as I said, remove all permissions from the default administrator acount.
Therefore, if the actual permissions are stored in the MDB and not the Mdw, and the default administrator account doesn't have the permissions assign, then if someone changes the workgroup or uses the MDB on another PC with Access, wherethe default Admin. acct. is there again, and when logging on as admin. and the workgroup "ask" the MDB for the admin. permissions, the MDB will STILL respond that the default admin. has no permissions and is not the owner!

Collapse -

How to make MS Access Jet really secure

by sl-campbell In reply to How to make MS Access Jet ...

If you are starting from scratch it is best to log on with your own admin. and owner accounts, BEFORE creating any objects. For an existing MDB, it is best to create a new MDB, logging on with your own accounts, and then importing all the objects.This will make sure that the ownership of each object gets changed from the default admin. to your own new account.

Additional security can be achieved by encrypting the MDB, even though this may slow things down a bit.

Collapse -

How to make MS Access Jet really secure

by wml In reply to How to make MS Access Jet ...

Thanks - that should do the trick. I'd forgotten about the effect of default Users and Admin groups; this will be much simpler than what I was anticipating!

Collapse -

How to make MS Access Jet really secure

by wml In reply to How to make MS Access Jet ...

This question was closed by the author

Collapse -

I could send you an MSAccess database that would show you how I do it

by mccer In reply to How to make MS Access Jet ...

I could send you an MSAccess database that would show you how I do it but I cannot see any way of sending it.
Please let me know if anyone can solve the problem of emailing a solution

Back to Web Development Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums