Secure MS Access front-end from Hex Editor (1 Viewer)

[isladogs]

If you have followed all the steps in my various security articles, then your Access app should be secure enough for all practical purposes.
Nevertheless, no file based application such as Access can ever be absolutely secure ...
... though I do have one example app that nobody has been able to crack (at least not yet).

However I agree totally with the previous comments.
Placing your BE data in SQL Server or similar will be many orders of magnitude more secure still...if done properly.
But even then, it is important to realise that no computer based system can ever be 100% secure

 

[Alhakeem1977]

Hi. If you sincerely want that, then you should start considering using another development tool than Access. Otherwise, you can only go so far with it. Good luck!

Thanks theDBguy for your help, I really love Access, I am trying to develop Web application with Python.
Please advice me if it's the right path.

Thanks agin.

 

[Pat Hartman]

You never answered my question. Are you developing this app to sell? If not, securing it really isn't a problem. You need to make it secure enough to keep people from accidentally breaking it but that's all.

 

[Alhakeem1977]

Apologize, it's not to sell, actually I would like to automate what ever I see there's a manual work in our organization, but I can't help it because it's out of my hand, I will give up and rid of this as IT stands besides me.


I will continue build applications in MS Access and try to sell it.


The security issue leaded me to start building a new application in Python just hopefully to secure my income while retirement after 10 years. Moreover, I started to build an application in vb. net with C# then I stopped as I've realized that Python is much easier and easy to learn. please share your advice to lead me to the right path, thanks in advance!

 

[Pat Hartman]

This is an Access forum. If you have questions about web development, you will get better answers elsewhere.

I have an application that is sold but it is not a "shrink-wrapped" type of product. It is high-end and the clients pay an annual subscription fee and they also sign non-disclosure agreements as well as others The app is "locked" down to minimize the opportunity for prying eyes but Access is not secure so if they want to hack it, they can. Also, due to the nature of the product, I have the source code held in escrow by a lawyer. This gives the client peace of mind should my company go out of business. They make a one-time payment to my heirs and get a non-exclusive copy of the source code for their use only. For this type of product, the protection is more on the design than the code. Business applications are relatively easy to clone once you have access to all the forms and reports and tables. The client always has access to the data. It is theirs after all. But that means that they also have access to the schema.

Apps like search engines are very reliant on coding techniques but business apps are not. So, if you are building a business app, get a good signed agreement and don't worry so much about your code. Worry more about securing the copyright to the design part.

 

[CJ_London]

There is this part of the forum?

Web Design and Development

Discuss the relevant technologies.

www.access-programmers.co.uk

 

[zeroaccess]

It depends how your business is set up, but here's what I do:

1. Database resides on an internal (government) network
2. Database is .accde - no one has the .accdb except for me
3. This .accde is locked down - bypass is disabled, ribbon is disabled, options menu is disabled, right-click menus are disabled
4. The database allows access only via the login form based on your user name from your computer login - there are no passwords to manage - and you have to be on the list to pass the login
5. Front and back end databases are hidden on the network with active directory and folder permissions are only granted to users, narrowing the number of people who have access by 95%
6. Back end is encrypted if any of this small pool of people finds it - and these are users, not hackers
7. If you wanted you could employ other schemes...

For all intents and purposes, the only way in is through social engineering of the db admin himself (me), which ain't happening, folks. By the way I like dark chocolate

 

[FrankRuperto]

@Alhakeem1977

There's plenty of methods and tools easily available on the internet for breaking into Access, SQL-Server, Windows, etc.
Do a google search and see what you come up with.

 

[The_Doc_Man]

Actually, in reviewing this thread, I am surprised that no one pointed out this option or asked the question: So the IT group doesn't like Access security? Then don't use it. Instead, use DOMAIN-level security and throw the monkey on the IT department's back. Let THEM carry the monkey for a while.

That's what I did for the U.S.Navy for a long time, several years worth of use before they got a new system to do (commercially) what I had done (home-grown). But my solution of using the domain's built-in security rules was perfectly acceptable to the Navy.