VBA Security

R

robthedog

Registered User.
Local time
Today, 22:30
Joined
Jan 3, 2004
Messages
40
:eek:
I recently had the misfortune of one of my ‘colleagues’ downloading some software to crack the password protection on the VBA modules included in a database I’ve built, and then, doing quite a bit of s*** stirring because of a couple of little insurance policies I’d included in the code (nothing malicious, just little friendly reminders on certain dates). Does anyone:

a) have any suggestions as to how I can protect my code from prying eyes in future. & b) know of any download available that will crack VBA project passwords, because I need to show that it’s not difficult in order to get me out of the s***!

Cheers

Rob
 
Fire him, keep a regular backup, fire the next person that does it. :D j/k.

Did you create a MDE?

(question in a question)
Can VBA be changed in a MDE?
________
Athon
 
Last edited:
There are loads of password crackers out there and a lot of them free.
 
Thanks for the suggestion

Fire him - It's me that's going to get fired!!

No I didn't create a MDE because it's an ongoing project that I have to keep adding to. As far as I know, you can't update the code in a MDE the same as you can't in a .exe

Rob
 
I've found plenty that will crack the DB password, but can't find one for the VBA Project.
 
If you seperate the db then you can hold all the codes, forms etc seperate and issue an mde for use.

Keep a working copy in mbd form that only you have access to. That way when u update you just replace the mde with the latest version.
 
robthedog said:
I've found plenty that will crack the DB password, but can't find one for the VBA Project.
Click to expand...


Look again, last count over 100 sites advertising VBA crackers
 
Thanks

I had thought about keeping master files then creating updated MDE files, but as the applications are updated daily by users on 7 sites, this would have meant loads of work importing tables etc. for each update, but in retrospect, that's what I should have done.

Rob
 
Parker said:
Look again, last count over 100 sites advertising VBA crackers
Click to expand...

Yep!

But I spent a whole afternoon trying different downloads (v. time consuming @ 56k) and couldn't find anything which lived up to it's claims and can do the job. Maybe you could suggest one that will...

Cheers

Rob
 
I don't think that it is in the spirit of this forum but, in the interests of everyone's security, one that dose work is:

Advanced VBA Password Recovery PRO

But there are hundreds of them. Use a search engine with "VBA password recovery" as the criteria. Most of these utilities are desighned with honest intentions but people will be people and so they get used for dishonest ones as well.

I use 'Cain' to keep track of everyone's p'words but I don't know if it will do VBA. I've never tried it.
 
If your 'colleague' can crack the built-in Access security with a freebie download then I will be impressed. Try securing your db with Access security [workgroups & permissions] and secure everything you do not want the riff raff to see.
 
ghudson said:
If your 'colleague' can crack the built-in Access security with a freebie download then I will be impressed. Try securing your db with Access security [workgroups & permissions] and secure everything you do not want the riff raff to see.
Click to expand...

I must admit that I've tried to avoid using user groups / permissions since a bad experience with access 2000 (to embarrassing to go in to details!). But thanks for the suggestion and I’ll maybe have a go.

Can you set user level on modules?
 
Parker said:
I don't think that it is in the spirit of this forum but, in the interests of everyone's security, one that dose work is:

Advanced VBA Password Recovery PRO

But there are hundreds of them. Use a search engine with "VBA password recovery" as the criteria. Most of these utilities are desighned with honest intentions but people will be people and so they get used for dishonest ones as well.

I use 'Cain' to keep track of everyone's p'words but I don't know if it will do VBA. I've never tried it.
Click to expand...

Thanks, but that's one that I did try and it works with Excel but Access isn't supported.
 
robthedog said:
Thanks, but that's one that I did try and it works with Excel but Access isn't supported.
Click to expand...

Ok I'l Give you that one. I hadn't checked that it supported Access VBA.

However, last night I did some research and within 20 mins had downloaded 15 password crackers that where ether "try before buy" or free. All clamed to be able to crack Access VBA's 3 I tried against a dummy db 2 worked with little or no hasstle and I was able to view vba code that had been p'word protected using the processes described in the Access help files without producing an MDE.

Some understanding of how MS Access security works may help. Take a look at this site.

http://www.vb123.com/toolshed/00_accvb/accesssecurity.htm

So be warned. The fact is that the tools are out there and if you can't figure out how to use them or don't have the time then there are also any number of sites out there that you can upload too and have them crack a password for you.

An MDE file is the best way and even this is not proof against a serious hacker without extreame care. Last week I managed to crack a db that is on sale for £2,500 because the designer had secured the db in such a way that the MDE file was not a true MDE and the code was accessable on the purchase of a "KEY". My intentions where to have a look at some of the code for education but the company involved was most concerned.

Fact of the mater is your friend has spent a bit of time on research and found a way around your security methods.

Try this: what where they doing spending time on an opperation like this? did they do it in work time? If so then they are in troub.

Also, try making light of the situation and finding out how they did it in the first place. Most people of that mindset are only too proud to boast over a friendly pint.
 
I recently had the misfortune of one of my ‘colleagues’ downloading some software to crack the password protection on the VBA modules included in a database I’ve built, and then, doing quite a bit of s*** stirring because of a couple of little insurance policies I’d included in the code (nothing malicious, just little friendly reminders on certain dates).

First, the 'insurance' policies you mentioned could not possibly cause any stirring unless they did something that might have been considered ethically questionable or non-trusting. I make no accusations, but I will offer these thoughts.

Did you encode a back-door? Many companies would consider (rightly so) that exposing a back-door personal to you would actually be GOOD for the company because you should not have one of those without proper authorization. Even if it is your project (see below about ownership issues).

Was it something that would tweak someone who didn't behave? You have to be careful because what you are doing might not be within security policies in your company. Tweaking might be wrong. Automatic e-mail reporting to your security persons might be the proper response.

suggestions as to how I can protect my code from prying eyes in future.

Other posters have commented on Workgroup security as part of the problem. I most heartily agree. However, you have another issue that no one has discussed yet. What is company policy on cracking of the product? What status, if any, did the product have within the company?

Where I am going with this is simple.

If the s***-stirrer cracked your personal project and that product is not marketed by the company (and maybe isn't even officially recognized by the company), then basically you might have no recourse.

If the company recognizes this project officially, they may have a policy regarding hacker/cracker attackes on company products.

There is also the issue that anything you do on company-owned computers is the property of the company. It might actually have been ILLEGAL for you to encrypt that code without permission.

Finally, some companies have been known to make it an "instant firing" offense to have a password cracker loaded to a company machine. To know this, you need to know company policies on the subject.

I understand your indignation, perhaps even sympathize with it, but before you decide where to go next, make sure your indignation is not misplaced. If you don't start from the company policies on computer security, you are going nowhere with no legs to stand on.
 
I recommend you catch him off the premises and kick the living sh-- out of him.... Might be surprised how many questions you have that will be answered then... :D

I crack me up!!!
 
Thanks for all the suggestions etc. I don’t think that I’ll try the “Mitch” approach though. Although I do wish that I’d had The disable shift key sample beforehand.

I’ve got a meeting next Wednesday to justify my actions, and the line I’m going to take is that as the DB is property of the company, then any security measures I’ve included are protecting their property from unauthorised users.

Thanks again
:cool:
Rob
 
You must log in or register to reply here.

Similar threads

zelarra821
Solved Protect VBA Project Programmatically with SendKeys
Replies
12
Views
659
zelarra821
zelarra821
K
Barcode Scanners
Replies
4
Views
484
kevnaff
K
isladogs
Access Europe User Group - Wed 2 Apr: Class Modules: How, Why and When To Use Them in the Real World (Anders Ebro)
Replies
2
Views
327
isladogs
isladogs
A
Numerical ID vs Alphanumerical ID: practical advice needed on best way forward from where I am
2
Replies
23
Views
1,164
Cotswold
Cotswold
J
Interesting artical about what government can and can't do. It's a bit longish, but worth the read.
2 3
Replies
43
Views
1,841
Thales750
T

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom