A97: Prevent users from attaching to your secured tables.
Posted on 2003-02-27
1. We have a split application. It is a ?data? mdb and an ?application? mdb. For clarity, lets name them myAppl.mdb and myData.mdb (myAppl links to myData)
2. Our clients have the same icon with the following properties "C:\.\MSACCESS.EXE" /User GUser /wrkgrp j:\SYSTEM.MDW j:\myAppl.mdb
3. We have read a variety of MSDN articles but they don?t appear to address our Goal/Issue ( the ?Version 2.41? of article 165009 ?Microsoft Access Security FAQ?, etc)
1. Create a Generic User (id=GUser) such that GUser can read, update, delete data (via myAppl), but they cannot create an MDB and attach myData* and modify the tables directly.
To illustrate the problem of Goal/Issue above there is a loophole in Access97 security.
If I create a shortcut with the following command line parms;
1. a reference to the 'live' mdw
2. a valid ID for that mdw*
3. and an INVALID mdb
....access will prompt you for a new mdb and then you can attach to the data (ie. Since you have successfully joined the correct MDW with a valid ID).
Is it possible, in the ?start up? code, to change the user who is logged in? What we are thinking is that our command line string would contain a ?user? who has read-only access. Within our ?startup? we could then log in as the user who has the proper rights. In short, our ?real? user will then be ?concealed? from the end user.
thanks in advance,Joe
ps. Special challenge to you out there. A first level Microsoft Support Engineer has said you can?t do it.