Solved

Protecting a BackEnd

Posted on 2004-08-25
9
701 Views
Last Modified: 2012-06-21
I've got a split database residing on a network drive. The front end is copied locally onto each user's computer. I tried protecting the backend database with a password, but when I did, the frontend didn't have access, a box came up with a wrong error message. Where do I assign the password in the frontend? I tried the Security Wizard, but I didn't follow the instruction closely, since I was locked out completely. (Fortunately, I backed up everything before running the Wizard!) How can I protect the backend?
0
Comment
Question by:horalia
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 84
ID: 11898443
Did you use the database password, or did you run the Security Wizard and implement User Level Security?
0
 
LVL 8

Expert Comment

by:Eric Flamm
ID: 11898444
I just create an AutoExec macro that Closes the application - so if someone double-clicks the back-end, it pops open and closes again. I also have a function sitting in a separate mdb that sets AllowBypassKey to false, so users can't hold down shift to get around the AutoExec. Of course, I also have a routine to enable the Bypass Key for maintenance purposes.

This won't prevent someone from linking to the tables in the backend - I don't know if there's a way to prevent new links from being established without screwing up the ones you need in the front-end.

-ef
0
 
LVL 8

Expert Comment

by:Eric Flamm
ID: 11898447
Tools-Security-Set Database Password in Access XP - need to have exclusive database access to set or clear the password - but this would only protect the front-end, not the back-end.

-ef
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 11898560
if you give the admin account within the security file used "NO Access to all the tables", you have logically protected the backend

this will not allow anyone using any other security file, from reading, linking to the backend, they can copy it but they can not read it, unless they use the same security file and they have a valid account with the right access

using a databse password, autoexec macro, or disabling the shift button will offer no protection


cheers
0
 
LVL 49

Expert Comment

by:Gustav Brock
ID: 11901844
First, you cannot really protect the backend without Access security. And even then, this can easily be cracked by utilities available for a few dollars.
However, to just keep out the naughty user, the backend database password is easy and fast to apply.
How to save and reuse the password without a dialog with the user, visit this link:

http://www.experts-exchange.com/Databases/MS_Access/Q_21105826.html

/gustav
0
 
LVL 84

Accepted Solution

by:
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 500 total points
ID: 11901937
I tend to disagree with most people in regards to Access User Level Security ... if properly applied, and if you make use of Windows security in conjunction with it, then you've got a pretty good security scheme, but gustav is correct in regards to utilities available to crack your security. Of course, the same warning applies to ANY protection scheme for ANY product - if man can make it, man can break it. It's just a matter of desire.

Your security scheme depends entirely on your needs. Do you just want to make it difficult for the casual user to get in? Then apply the db password, rebuild the links between your frontend and backend (supplying the backend password when needed) and go from there. To make it more difficult, apply User Level Security. Next step - apply Windows security (assuming your tables are on an NT-style box, that is). Next step - allow data access ONLY through RWOP queries and disallow ALL access to tables. Next step - encrypt the data. Next step - migrate your data to a true client/server style db (like MSSQL) because you've gone as far as you can go with Access.

0
 

Author Comment

by:horalia
ID: 11908301
I don't want users to get into the backend part of my application. Most users at my company do not use Access and I don't think that they would be able to bypass some of Access security features, but since I'm distributing the application to more groups, there will be more users and much more of a chance that information may be corrupted. I'll relink my tables and protect the backend, and go from there. I have applied User Level Security, but that only pertains to the form. Thanks!
0
 

Author Comment

by:horalia
ID: 11908414
I linked the tables to my frontend, but I didn't see an option to place set a password for the backend. Where do I do this?
0
 

Author Comment

by:horalia
ID: 11908537
OK, I was linking a backend that didn't have a password. That takes care of this problem.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
In Microsoft Access, learn different ways of passing a string value within a string argument. Also learn what a “Type Mis-match” error is about.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question