Frank also sent me an email with the above info & screenshot together with some additional material
This is a shortened version of my email reply:
=======================================
Unfortunately, Frank’s claims made about hacking this example app, in emails, here at AWF and earlier at UA, have included a lot of smoke and mirrors. The screenshots in the previous post continue this tradition.
It is certainly true that the FE can be unlocked and the supplied password removed either using VBA from an external application (or by the use of a $99 utility which Frank purchased for this purpose).
Doing so, will re-enable the Export context menu command
However, the Excel file in the screenshot is not the result of doing that export on any of the forms shown.
Those are indeed the 'apparent field names' that are exported...but actually they are the control names rather than the real field names
The data shown isn't what is exported when that process is done.
The Excel file shown has been populated by a different process
And in any case, it isn't the complete source table from the encrypted BE database.
Having only one shared password for all users to open the same accde FE further deteriorates security. Most data breaches occur by users who are not authorized to view certain sensitive data, e.g. payroll, credit card nums, etc, so only one shared password for everyone is a major shortcomming. Most users and even veteran UA and AWF developers will agree that breaking into an FE is unacceptable security.
Of course, much of that is true.
Nevertheless, users can also be required to login and, if desired, some form of two step verification can also be added
Sensitive data can be made more inaccessible using e.g. using password protected forms.
Particularly sensitive data such as Credit/debit card numbers should NEVER be stored in an Access database. The validity of credit/debit card data entered by customers would be checked against the card providers own data (16 digit number, expiry date, CRC)
Anyway, I thought I'd upload another partly completed example that I had already been working on
Its an encrypted ACCDE file made in A2010 32-bit with password
FrankTheTank (thanks to
@Mike Krailo for that idea!)
It has one password protected form and one deep hidden table
Unlocking the file will be relatively easy. The challenge is just to do the following:
1. Find out the password to the form
2. Decrypt the deep hidden table and email me the decrypted version
Simples!
NOTE:
1. Its far from finished & I may have left some unintended 'back doors'. If so. it will be easier than intended
2. The attached file should open in any 32-bit version of Access from 2010 onwards. If anyone would like a 64-bit version, let me know
FrmBEXDataExport.PNG
