Access vs Comercially available databases (9 Viewers)

But it's a fact that Access is the least secure comparing to any pre-package system.
Click to expand...
You're being cynical. If you feel Access is so insecure, then why do you develop with it, or even use it?
 
Last edited:
KitaYama said:
But it's a fact that Access is the least secure comparing to any pre-package system.
Click to expand...
Many years ago a client decided to implement a well known online crm system. I was involved with integrating it with finance, commissions and hr systems.

I discovered that if you knew the login details (of a sales person for example), you could not only access the data from excel, that access was not limited to the data the login allowed - you could see and edit pretty much anything.

The crm company initially reassured my client that it was not possible and that I was making it up (echoes of Horizon?) So (with the permission of my client) I went in and made some changes.

The crm company had to about face and took something like 3 months to come up with a solution
 
CJ_London said:
Many years ago a client decided to implement a well known online crm system. I was involved with integrating it with finance, commissions and hr systems.

I discovered that if you knew the login details (of a sales person for example), you could not only access the data from excel, that access was not limited to the data the login allowed - you could see and edit pretty much anything.

The crm company initially reassured my client that it was not possible and that I was making it up (echoes of Horizon?) So (with the permission of my client) I went in and made some changes.

The crm company had to about face and took something like 3 months to come up with a solution
Click to expand...
An online app is automatically less secure than an on premise app. Then you also have to worry about the outfit that's hosting your data. No thanks.
 
It's all moot, some of the most robust systems on earth get hacked. I'm part of a large class action law suit right now. Keenan & Associates was hacked in 2023. Millions of people effected, potentially billions of dollars on the line. Security is an illusion like insurance.
 
It's good to see a lot more answers on this, but I thought the real question the OP was asking is whether the functionality of a commercial system would be better than the system that was already in place.
 
AccessBlaster said:
It's all moot, some of the most robust systems on earth get hacked. I'm part of a large class action law suit right now. Keenan & Associates was hacked in 2023. Millions of people effected, potentially billions of dollars on the line. Security is an illusion like insurance.
Click to expand...
I've already cashed in on several settlements. Makes me want to put more of my personal info out there so I can have another source of steady income 🙂
 
gemma-the-husky said:
It's good to see a lot more answers on this, but I thought the real question the OP was asking is whether the functionality of a commercial system would be better than the system that was already in place.
Click to expand...
Agreed, I did mention that towards the end of this post. If I were the OP, I would defend the current Access app for all the merits mentioned in this thread.
 
Last edited:
The problem I have with 3rd party packages is that they were probably developed by a senior designer and a bunch of junior coders. I.e. without knowing the details of how it was actually developed and implemented, you have no way of knowing whether it is better, the same as, or worse than Access for security details.
 
"But you can not hide the server name, and database in connection string. Can you?"

You can't hide the server with or without Access. The server handles data security, not the FE.

BTW, I know of at least 1 very large account / payroll / buisness system with a base option of a file based db, just like Jet which makes it just as hackable. You can build passthough queries to that db usable with the corrent login form an Access FE.
 
KitaYama said:
If your FE is Access, you can open a blank database, write a simple code to return all tables and then theri fields in your FE. You can also run an update or insert query from a database outside your FE. You can hide/unhide tables in a FE using a remote database, or change FE's properties like shift+double click or .....

As long as your FE is Access, you have a big hole in your security and it doesn't matter your BE is sql server or cloud.
Click to expand...
Keep in mind that most of these implementations are already behind the safety of a network. If you trust your users to give them access to the data then trust them. If someone gained access to your network and your file servers, they would have access to everything not just Microsoft Access. Microsoft Access is not any specialer than any other file nor more dangerous
 
KitaYama said:
If your FE is Access, you can open a blank database, write a simple code to return all tables and then theri fields in your FE. You can also run an update or insert query from a database outside your FE. You can hide/unhide tables in a FE using a remote database, or change FE's properties like shift+double click or .....
Click to expand...
That is why you don't use Windows to secure your SQL Server. My users never have their credentials for the server database. While it is true that you can view linked tables, as long as you don't store the password with the link, you can't retrieve data that way or use the table names and server name to log into the server.
 
Pat Hartman said:
That is why you don't use Windows to secure your SQL Server. My users never have their credentials for the server database. While it is true that you can view linked tables, as long as you don't store the password with the link, you can't retrieve data that way or use the table names and server name to log into the server.
Click to expand...
Why not use Windows Authentication, which leverages existing Active Directory credentials? That eliminates the need to manage separate logins and passwords for SQL Server.
 
Pat Hartman said:
That is why you don't use Windows to secure your SQL Server. My users never have their credentials for the server database. While it is true that you can view linked tables, as long as you don't store the password with the link, you can't retrieve data that way or use the table names and server name to log into the server.
Click to expand...
In my opinion it's the opposite, using Windows active directory groups to secure sql server access is a great option
 
You must log in or register to reply here.

Similar threads

Magger
My loop sometimes starts at 2 or 3
Replies
6
Views
238
Pat Hartman
P
Libre
32 bit Access vs 64 bit Access - HELLLLLP!!!!
Replies
12
Views
1,195
gemma-the-husky
gemma-the-husky
bsacheri
Access crashes when switching Form View to Datasheet View
Replies
2
Views
382
MajP
MajP
N
MS Access VBA Vs JAVA
Replies
2
Views
304
CJ_London
C
Uncle Gizmo
list available tools
Replies
0
Views
236
Uncle Gizmo
Uncle Gizmo

Users who are viewing this thread

  • ... and 2 more.
    • Total: 10 (members: 6, guests: 4)
    Back
    Top Bottom