access security

[Jim W]

Is it possible to just add the security to the backend database to prevent a user from opening it a changing data or viewing data that they would not normally see thru the front end? I tried adding the password to the backend and someone cracked that using a software program they downloaded.

Jim

 

[The_Doc_Man]

They will crack the password no matter where you put it.

My personal view on this is a bit radical, but then I work with the U.S. Dept. of Defense, which tends to frown on such actions.

I would talk to my boss first, then the user's boss (if not my boss), then talk to the user about how if they ever do that again, they will lose a finger. If they do it a second time, they will lose a wrist. Third time, we'll cut higher, somewhere near the neck. (Just kidding about loss of body parts...)

Seriously, this SHOULD be grounds for a personnel action by your management, but the odds are that your company doesn't have a good security policy to cover this situation. If this is true, then the FIRST thing you need to do is devise and publish a policy. Use a method of publication that requires acknowledgement. Keep records of same handy.

THEN, when someone cracks your password, take a job action against them. Have them written up. Get them fired. Seriously. It only takes once to get everyone else's attention.

 

[AlienRay]

Too true. In my firm, the act of downloading a password-cracking application is grounds for immediate dismissal.