Database Security

S

slrphd

Registered User.
Local time
Today, 17:04
Joined
Jan 6, 2004
Messages
91
I beleive the time has come for me to invoke some level of security on my database and am looking for ideas. However, as I look through the various forums, I do not see one for that topic. Am I just too dense to see the obvious or has some paranoid DB manager put the security forum in a password protected page?

Steven Ross
 
You are correct in that there is no specific forum for Security.

My guess is the General Forum would have suited this thread better. I doubt anyone will string you up for the error though. :p
If you search the forum, you will find some threads that already deal with Security. I've been told that implementing security inside Access is a painful and long experience. Good luck!
 
Here is an example that I picked up on this forum some time ago, which is not access's built in security.

Andy
 

Attachments

slrphd said:
I beleive the time has come for me to invoke some level of security on my database and am looking for ideas. However, as I look through the various forums, I do not see one for that topic. Am I just too dense to see the obvious or has some paranoid DB manager put the security forum in a password protected page?

Steven Ross
Click to expand...

There are hundreds of posts about various aspects of security in Access. Trouble is it is such a huge subject.

I agree may be there should be a separate forum.

Two words of warning:
  1. make loads off backups before you embark on this quest
    There is nothing that is more of a windup than locking yourself out by accident.
  2. Decide what/who you are securing against before you start.

    There are, really, only three different categories of attack on a computer system.

  1. Criminal
  2. Privacy
  3. Publicity

These can be split into various sub categories.

Then there are two groups of people.

  1. Insiders

    Those who have a right to access to various levels in order to use the data.
    Those who have a right to modify data.
  2. Outsiders
    Those who have no right of access at all.

The outsiders are relatively easy. The insiders are a different matter because this is when necessary ‘holes’ have to be left.

Know your adversary before you start.

It is no good protecting your data from disgruntled employees if a hacker breaks in from out side and steals or messes with your data.

I make a good deal of money as an extra income recovering people’s data. 80% of that income is generated by people who have left security holes and someone has accessed data without authority. A disgruntled employee that damages a system or steals data before they leave is ‘hacking’ the system because they have no right to do what they have done.

One case was proved recently where a sys admin officer messed up a db and framed another employee to get them fired.

Security is a lot more than creating a password system to access your data.

If you want to get more ‘in depth’ with this then I will help where and when I can. If you don’t; call me when you need a recovery service and I’ll charge you.

My knowledge of Access is limited. My knowledge of security is extensive.
One thing I do know about Access security is that it is too damn easy to break by anyone with a little knowledge and time--------something that all your adversaries will have.

So too recap; Who, What, where and too what level do nyou need to secure?
 
Last edited:
WOW! This is considerably more than I expected. A more detailed decription of my project is in order. I and my coworkers consult to a U.S. Government agency. We need to have quick access to wide variety of information regarding about 80 sites around the country but for each site, the information categories are the same. So one of my coworkers came to me and asked me to put it all in a database since I have some experience using MS Access. The idea is that the database be loaded on a laptop which we will take with us to the client's office and be able to call up specific pieces of information during the discussions.

What I am trying to achieve, at the moment, is the prevention of accidental changes to the data. I set up forms to present the data but I also use as many pick lists as possible. I just learned that I can change the properties of that object in the form to preclude editing (locked=yes) which is exactly what I need. In the furture, I expect to need much more sophisticated security measures because I expect the database to become much more encompassing than it presently is.

I am interested in the security issues surrounding MS Access because I get two versions. One says that the security on Access is good and the other says the opposite. Which is correct? For a neophyte like myself, it is difficult to separate the wheat from the shaft.

Thanks for your note. By the way, I always make several backups of my work; I have been bitten by that dog too many times.
Steven Ross
 
slrphd said:
What I am trying to achieve, at the moment, is the prevention of accidental changes to the data. I set up forms to present the data but I also use as many pick lists as possible. I just learned that I can change the properties of that object in the form to preclude editing (locked=yes) which is exactly what I need. In the furture, I expect to need much more sophisticated security measures because I expect the database to become much more encompassing than it presently is.
I am interested in the security issues surrounding MS Access because I get two versions. One says that the security on Access is good and the other says the opposite. Which is correct? For a neophyte like myself, it is difficult to separate the wheat from the shaft.
Steven Ross
Click to expand...

Don't get me wrong Access has some good routines built in that are good enough for most peoples uses. It is just that it is limited and can be broken very easily. It all depends on how sensitive this data is. Also a lot of people seem to be under the impression that a badly implemented security system is secure just 'cause they need a few passwords to get anywhere. Data security is a lot more than just making it difficult to get at.

If you are consulting at government level is the data you are handling sensitive. If it is and you are carrying it around then you need to be doubly careful.

Take a good look at group/user security. Using the inbuilt security wizard you can set read only privileges to all except owner or admin. That will stop any accidental changes. You may also like to read the document attached to my post in site suggestions it goes into more detail about implementing security in access and some of the possibilities. Just go easy----setting up security systems can be disastrous if you make a mistake. Work on a copy of your db not on the real thing and make sure that your backup copy is stored sensibly.
 
Thanks for the advice. I clearly have much to learn. I hope no one is in a hurry.

Steven L. Ross
 
Okay so by now you are wondering what the heck you have let yourself in for.

All the comments above are very valid.

I have a zip file containing two articles that assist greatly in the creation of Access security. It can be a minefield for the unwary.

the Security FAQ's and step by step instructions helped me. Unfortunately I cannot post them here because the file is too large. However if you send me a private message with an email address I would be please to send a copy.

This offer applies to anybody. The articles were sent to me by members of this forum some time ago and I am very to be able to return the compliment

Len B
 
Pat,
Thanks for the tip. I downloaded the Security FAQ page per your suggestion and will start going over it. There is a lot there. I seldom use the Microsoft webpages, mostly because their reputation in this office is not good (I am guilty of allowing others to set my opinions - I should doing that for myself). I also consider myself a fairly ignorant user but you already know that. Many of the Microsoft pages seem to contain so much jargon that I get lost in it. I am in my fourth career and having to continualy learn new jargon and acronyms is getting tiresome. Nevertheless, it appears to be the only way. I have many other questions now but I'll work through this document and educate myself first. Thanks, again.
Steven Ross
 
You must log in or register to reply here.

Similar threads

The_Doc_Man
Important Security Guidelines
2
Replies
24
Views
2,265
The_Doc_Man
The_Doc_Man
A
Secure Storage Model for Microsoft Access: Stream-Based Encrypted Data Architecture(for discussion)
Replies
5
Views
427
GPGeorge
GPGeorge
Mylton
Solved Best way to protect VBA code in Excel
2
Replies
20
Views
6,124
Mylton
Mylton
D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
1,189
Isaac
Isaac
B
Advice Request : Simplest method to allow multi-site access to a prototype database
Replies
9
Views
1,160
GPGeorge
GPGeorge

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom