Question can someone confirm this!

[marianne]

"[FONT=&quot]the new password system is not stored in the database in access 2007"

I just read some article in the internet that states the above.

Can someone confirm that. If it is not store in the database, where is it stored?
[/FONT]

 

[Atomic Shrimp]

Access 2007 doesn't support User Level Passwords (at least, not in its own ACCDB format files) - they're not stored in the database - they're not stored anywhere - because they don't exist.

I think Access 2007 still honours the password system of previous file versions (in which case, they'll be stored in the same way as they were for those files).

 

[marianne]

what do you mean database password "do not exist" ?

 

[Atomic Shrimp]

User-level security is not supported by the new file formats in Microsoft Office Access 2007.

Access 2007 databases (.accdb, .accde, .accdc, .accdr) don't support user-level password security - so there are no passwords to store -either inside or outside of the database file.

 

[marianne]

i mean the database password not the ULS.

 

[Atomic Shrimp]

The password for encryption isn't explicitly stored anywhere, but is actually used as part of the encryption key.

If it was stored outside the database, it would make the db non-portable

If it was stored inside the database, the thing would have to be decrypted before validating the password (i.e. in order to retrieve it), which would be weak security.

The password is used as an integral part of the encryption (and therefore required as an integral part of the decryption).

 

[Atomic Shrimp]

There's more detail on the process here:

http://www.vb123.com.au/toolbox/08_access/databasepasswordsimprove.htm

 

[marianne]

thanks atomicshrimp. anyway, have you seen my post http://www.access-programmers.co.uk/forums/showthread.php?t=176518

can you give me an assistance on it...thanks.

 

[Atomic Shrimp]

I have been reading that thread, but I'm afraid I have little to contribute to it - I only really have experience of creating small access apps in a trusted environment.

To the extent that security/access restriction has ever been required in any of my database applications, I've handled within the design and coding of my forms and VBA.

For example, at the moment, I'm working on a small app that has all the different functions on tabs in a tab control - some users only need some tabs, so my app starts out with them all set to visible=false, only changing that after the user has logged in and his/her settings have been read from the user table.

This wouldn't be a very secure way to do it, except that the back end resides on a server to which only certain users have access - and this is controlled by Windows Group Policy.

 

[marianne]

thank you for your quick reply atomicshrimp.

 

[The_Doc_Man]

I'll add that because Atomic Shrimp is in a domain-based environment (where Windows Group policies have meaning), he is inherently more secured than the simplest file-server cases for Access in non-domain environments. If you have a more robust site security system, you don't need your users to log in to Access, you can just ask Windows who they are. Then you can make decisions on the fly as to who can see what.