[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 984
  • Last Modified:

Can I force .mdb file to refer to a runtime loader to startup my db if not don't startup

Hi Expoerts,

I was warned, that if you have access installed on your computer and you have an access runtime application, you will be able to get to all the rearend objects, sure enough you can.

I was wondering if I could force my .mdb file to refer to the runtime loader the same way it does when you run it from a shortcut with the /runtime switch.

I've noticed the sagekey scripts simply copies my db (.mbd) to a specified directory and then creates a shortcut to it with /runtime switch, If a user that has access installed finds this .mdb file they are capable of doing any thing they wish with it, One good thing if they don't have access installed they will still be able to use the db but not get to design view, to change or modify it.

I'm trying to think of a way a user with access installed will not be able to open my .mdb file so I can keep it safe-guarded?

Any ideas?

Thanks--Patentinv



0
patentinv
Asked:
patentinv
  • 23
  • 20
  • 4
  • +1
3 Solutions
 
patentinvAuthor Commented:
oops, I meant;
I'm trying to think of a way a user with access installed will not be able to open my .mdb file (unless it's in runtime mode), so I can keep it safe-guarded?
0
 
peter57rCommented:
Hi patentinv,

You sould not be relying on the runtime environment for security - as you have found it is quite ineffective.
Sounds like you should be implementing Access workgroup security on your application and preventing access to the design and/or using mde files.

This is a good starting point:
http://www.geocities.com/jacksonmacd/AJMAccessSecurity.pdf

http://support.microsoft.com/kb/207793/en-us will give you the details.  This is not a trivial topic, allow several days to get to grips with it.  Do not practice on anything that matters.

If you have multiple versions of Access on a machine, double clicking an mdb file will start the version of Access that was last used.  Therefore, if the version matters, users must have desktop shortcuts which point to the correct msaccess.exe for the application.

Pete
0
 
patentinvAuthor Commented:
Hi Pete,

I read the first link you sent me, It appears in My case it's different, I think?
My customers will be down loading my self executing file and it will install access as a runtime version, it puts the .mdb in a folder that they can get to.

So if they can get to the .mdb file I can't see any use in worrying about workgroup security, but please tell me if  I'm missing something.

If I could set a password on the .mdb file it self so it would ask for a password before opening, if this is possible, but would that work if they opened through open inside of access?

i can't get around them having a copy of .mdb file,

Look what I found.... on your second link

28.      How do I prevent a run-time application from being opened in full retail Microsoft Access?
You’ll need to create a function that uses SysCmd() to check to see whether the database is currently opened under the run-time version:

Function KillIt() As Integer
    If Syscmd(SYSCMD_RUNTIME) = 0 Then
    ' use the following intrinsic constant for Microsoft Access 95 or 97
    ' If Syscmd(acSysCmdRuntime) = 0 Then
        Application.Quit
    End If
End Function

Call this function from your Startup form or AutoExec macro as the very first action. This is the first line of defense. Unfortunately, anyone who knows to hold down the SHIFT key will not be kept out by this function, so you will also want to disable holding down the shift key, as shown in the previous section. You may also want to put additional calls to KillIt() in your database—for example, in the Open events of your forms, or as calculated columns in queries. You may not be able to keep people out, but you can certainly make it inconvenient for them to be in.
Microsoft Access 95, Microsoft Access 97, and Microsoft Access 2000: You can set the AllowBypassKey property as discussed in Section 27, "How do I prevent users from holding down the SHIFT key to bypass the AutoExec macro?". This will cause the AutoExec macro to always run, so you wouldn't need to place your kill function in all your major forms or queries.

Looks like this might do the trick,  What do you think? It refers to use the following; intrinsic constant for Microsoft Access 95 or 97  

I'm using Access 2003, Think it will still work?

Thanks--Pete

Patentinv
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
thenelsonCommented:
To secure the frontend (the db with the forms, reports, code, etc.), you have eight levels of security, lowest to highest in security level also easiest to hardest (you can use any combination of them):

1: Create an macro in the frontend with the name of autoexec.  A macro with that name will run whenever someone tries to open the backend directly.  Have the macro create a msgbox with something like "You bad, bad boy!" and quit.  Create another macro with an obscure name that does nothing or opens your main form.  To open the database, you use the command: FullPath\msaccess DBPathName /x MacroName.  You can use a shortcut to start your database.  Downside: a: The user name and password is easy to read from the shortcut. b: The shift bypass can be used to open the db

2: Goto tools, startup.  Uncheck all the check boxes including the one after clicking advanced in W2k.  Downside: Same as 1b

3: Disable the shift bypass.  The easiest way to do this is with a utility such as: Access Property Editor at: http://www.jamiessoftware.tk  Downside: Can be easily enabled. However if you add the following code to a module which deletes the database if the shift bypass is disabled  and call the sub from every on open event of every form and report, you can make life a little more complicated for someone trying to bypass the shift bypass:
Sub temp()   'Purposely obscure name
Dim fs As Object, f As Object, ts As Object, I As Integer

If CurrentDb.Properties("AllowBypassKey") = False Then Exit Sub

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next
DoCmd.Quit

End Sub

4: Convert the Front End to a mde file (tools, database utilities, make mde file). Be sure you keep a copy of the mde file.
 
5: Build your own login/security system.  Here is a sample database to show you how (or just cut and paste): http://www.nosuffering.com/Nelson/Login.zip  Downside: Easily circumvented by shift bypass, opening with another database or just looking at the security tables if they are not encrypted.

6: Set passwords for the front end (the part with forms, etc) and backend with tools>security>set passwords.  If you don't want your users to have to put in the user name and password, you would then put the following in the shortcut to start your database:
msaccess <database name> /User <user name> /Pwd <password>
Downside: a: the user name and password is easy to read from the shortcut. b: there are programs readily available starting at about $20 which will parse out the user name and password.

7: Use msaccess user level security.  A great reference: http://support.microsoft.com/default.aspx?scid=%2Fsupport%2Faccess%2Fcontent%2Fsecfaq.asp
Downside: a: same as 5a,  b: a huge jump in complexity.  

8: Write the Front End in a compiled language and compile an exe file. Downside: same as 6b


To secure the backend (the db with the data), you have five levels of security, lowest to highest in security level also easiest to hardest (you can use any combination of them):
1: Create an macro in the backend with the name of autoexec.  A macro with that name will run whenever someone tries to open the backend directly.  Have the macro create a msgbox with something like "You bad, bad boy!" and quit.  Downside: someone can easily access the data from another db.

2: Set passwords for the front end (the part with forms, etc) and backend with tools>security>set passwords.  If you don't want your users to have to put in the user name and password, you would then put the following in the shortcut to start your database:
msaccess <database name> /User <user name> /Pwd <password>
Downside: there are programs readily available starting at about $20 which will parse out the user name and password.

3: Encrypt the backend with tools > security > encrypt.  Downside: Built in encryption does not use a key so anyone with Access and the password in 2 above will be able to decrypt the backend.

4: Use msaccess user level security.  Downside: a: same as 3a,  b: a huge jump in complexity.  

5: Create your own BE encryption scheme or use an encryption addin.  Downside: a: same as 4b, b: if you lose your encryption key or the backend gets corrupted and you don't have backups, you are screwed big time.
http://support.microsoft.com/default.aspx?scid=KB;en-us;q165009
http://www.netlib.com/encryption-software.shtml
0
 
thenelsonCommented:
>So if they can get to the .mdb file I can't see any use in worrying about workgroup security, but please tell me if  I'm missing something.
Workgroup security will help keep them out of the mdb.

Function KillIt() As Integer will help secure the BE.

>anyone who knows to hold down the SHIFT key will not be kept out by this function, so you will also want to disable holding down the shift key<
Most people who know about shift bypass, know how to enable it (see my FE#3 above).

Since there are programs to hack user level security, your only true way to secure the BE is create your own BE encryption scheme (BE#5 above).  User level security is fairly secure as very few people will go to the trouble and expense to hack it.  It is the MINIMUM security level I would use to keep my BE data secure in a published database.
0
 
patentinvAuthor Commented:
Hi thenelson,

Wow you have provided quite a few options, I'll try an implement as many of your ideas as I can, Starting with the easiest first and go from there.

If I can just make opening the.mdb file a real burden, that would take some effort for an average end user to figure out. That will do for me.

It's like the lock on my gate if you really want in all you would have to do is either jump the fence or get some bolt cutters, but it keeps out most of the people.

>So if they can get to the .mdb file I can't see any use in worrying about workgroup security, but please tell me if  I'm missing something.
>Workgroup security will help keep them out of the mdb.

So if I make a group account and and give this group account only the minimium rights like read, and enter data into forms and assign it a  password and a user name like (estimator) since my program figure estimates.
When any one clicks on the .mdb file it will ask them for a username and password
if they enter estimator and the correct password , then they will be able open the .mdb file, but won't they still be able to go into design view and look around?

Thats whats great about runtime mode, it doesn't provide design view as an option.

Thanks--Patentinv

0
 
peter57rCommented:
In my opinion, you have to look at the security options and then be very clear about what it is you want to achieve with security.
Be quite clear in your own mind about what precisely you are trying to protect.  There is no 'general requirement' for security beyond any legal requirements you might have to meet in specific types of application.

And distinguish between what is necessary for your user/customer and what you are doing for YOUR benefit.  They can be quite different.  Protecting code is often easily done through the use of mde files but if your app requires any use of form or report modification features then mde is not possible.
But if it is necessary to control user access to specific sets of information then workgroup security is the way to go.

In my own circumstance, i operate a philosophy  that I don't apply any more than the minimum security necesssary - ANY security can be a pain in the neck if you're trying to fix a problem over the phone.   But that's just me.

Pete

0
 
thenelsonCommented:
Only you can decide what level of security you need for your database.  

As far as protecting the design of your forms/reports and your code, converting to an mde is quite secure.  It is not easy to hack the design of forms/reports out of an mde and even harder to reverse engineer compiled machine language into readable VBA.  Be sure to keep a copy of the mdb because you will have an extremely hard time editing the mde.  

Converting to an mde will not protect the data.  However, it is quite rare that a published database will be delivered with data that needs to be secure (usually the user will add the data).

As Pete pointed out, often less is more.  If you have a desirable product that is overpriced, someone will figure a way around all your security.  Look at the startup of the PC.  IBM thought they would make a killing because their hardware, firmware, patents and copywrite security was solid.  It took the industry about 6 months to reverse engineer the PC (and the first 5 months, the industry was just watching to see how the PC would sell).
0
 
stevbeCommented:
<it is quite rare that a published database will be delivered with data that needs to be secure (usually the user will add the data).>

And if your application falls into the exception category you should not be developing with Access.

Unless there is something in your data structure itself that you would consider patentable then I would only make .mde and put in a couple of Runtime checks along the way. Beyond that I might consider using ULS by making 1 super account that has admistrator/owner/deign permissions and 1 lowlife account that can only read/execute and just before deployment make a copy of your mdw and then rip the super account out of it.

Make backups before every step you take in any attempt to secure your app as the last thing you want to do is lock yourself out.

Steve
0
 
thenelsonCommented:
Steve,
>And if your application falls into the exception category you should not be developing with Access.
I have seen statements like this many times.  What do you think is more secure than Access?  I have also seen Access/SQL server backends that were encrypted with very high level encryption.
0
 
stevbeCommented:
I should have been a bit more explicit ... then your DATA should not be stored in Jet.
MDSE, SQL Express,  whatever version of SQL Server you are comfortable with is more secure than Jet.
0
 
patentinvAuthor Commented:
Hi Experts,

Thanks for all the reply's,

I'm confused about the .mde file, I know access can convert your .mdb file to a .mde file, unfortunatly I can't do that I have to many objects in my .mdb file it fails telling me that I have to many objets for the jet engine.

But anyways, back to my confusion when you mention runtime I was under the impression that your .mdb file got turned into a .mde file, But the way the sagekey MSI Wizard works is that it makes your .mdb file into a self executing file and when you run this self executing, it places your .mdb file in a folder and provides a shortcut to it with a /runtime switch in its target, I was under the impression that it created .mde file but it doesn't, is it suppose to, or am I suppose to do this,? Because if I'm suppose to: I'm dead in the water, my .mdb file has to many objects.

I'm not sure what runtime means, I thought it meant you had .mde file.

How ever it is suppose to work, I'm satisfied with the fact that if you don't have $MS Accesss installed on your computer you can use my program and it works just like it does if you did have access installed.

I think I'll call sagekey tomorrow and ask them why my .mdb hasn't been converted to a .mde file? or is it suppose to be?

Back to the security issue, I will try and implement as many of the suggestions you experts have mentioned, to safe guard my .mdb file.

I'd better get to reading on how to implement work groups security and how to assign users to the groups and rights to the groups. I like the idea of two users/groups Super-user and data input users which will be all the purchasers. I'll be the Super User. I'm a CNE in Novell and we call it Supervisor, where Microsoft calls it Administrator/Admin. In Novell it seems easier because you can assign rights to branches .directories and all subfolders will inherit these rights, In the NDS tree. where it appears access makes you assign rights to each objet, well I have over 400 tables, 175 queries, 225 forms, and 450 macros. Which if I have to assign rights to each objest will take along time. Unless I'm missing some thing.

Thanks--Experts, I really appreciate all the help.

Patentinv

 
0
 
peter57rCommented:
The term 'runtime' in this context refers to the  Access package you are creating and installing.
The 'runtime' is a full version of Access modified to disable all its design features.
It has very little to do with your application beyond which files make up your app and makes no changes to the mdb or mde file that you choose to distribute.
So <you> decide whether to distribute an mdb or an mde file and you give that info to the installer as you are creating your package.

You might indeed have a problem creating an mde from an mdb with this many objects.
There is a limit of what MS calls TableIDs of 2048 at the time an mde is created. Unfortunateley there is no accurate way of predicting how many TableIds are going to be required, although you will use a minimum of 1 per table and query and probably 2 for each form, 1 or 2 for each report and 1 for each of the rest but that is just the minimum because Access uses TableIDs internally for its own purposes too. So I can see 1600 from your figures and that doesn't include reports.

In assigning permissions you can choose a group, select all objects of one type (all tables, say) and assign permissions in one go.  Based on your intended use of 2 groups, this does not sound that big a job.  Obviously if you have any exceptions in the objects wou will have to deal with each of these separately.


Pete
0
 
patentinvAuthor Commented:
I see I need to create my own .mde file, if possible. I don't think Access will let me
because it limits the number of objects/Table ID's you can have.

I did give my .mdb file some security, I added a Super user and another user (with only minimal rights).

What I don't understand is when I copy .mdb file to another computer and try to use it it doesn't ask for any passwords but if I run it from where it was copied from it prompts me for a password. hmmm?

I believe it has some thing to do with the .mdw file. I wonder if I need to copy that file to the other computer.

It really doesn't matter because the sagekey install program does all this for me. It places the .mdw and the .chm help files in the same diectory where the .mdb file is, so this makes life alot easier when deploying it to customers.

Thanks--Alot

Patentinv
0
 
thenelsonCommented:
I believe it has some thing to do with the .mdw file. I wonder if I need to copy that file to the other computer.
Yes you do.  Put without the mdw file, you should not be able to get into the database.  Most likely you can because you did not remove the rights from the admin user.  When there is no mdw file, the database opens under the admin user.  By default admin has full rights.  Change admin to no rights or very limited rights to prevent someone having full access with no mdw file.
0
 
peter57rCommented:
I gave you two references for Security in an earlier response .  You have to read at least one of these if you want to set up security soundly.  It is not instinctive, and as you see, if you do not complete all necessary steps in the correct order you will be left with a system that is not secured.

Pete
0
 
patentinvAuthor Commented:
Oh, I see with out any .mdw file it opens to a default admin account with all rights, that makes sense, So I can just, re-assign lower level rights to admin or 0 rights.

Yes Pete, I appreciate the links and you are correct I jumped ahead and did not go step by step, and this is what happens, But like every thing else I believe you learn more when you make mistakes and try different things and have to figure it out. But the last thing I want to do is be a burden to you experts, with out your guys help I'd be going through bottles of asprin, I mean Excedrin!!

I'll go back and read carefully and do each step in the correct order.

I implemented the USys into my database objects,
1.      You can preface your objects with "USys" so that they will be hidden in the Database window

This is pretty nice little trick.

I also got the this working, which is also a nice little trick,
 
How do I prevent a run-time application from being opened in full retail Microsoft Access?
You’ll need to create a function that uses SysCmd() to check to see whether the database is currently opened under the run-time version:

Function KillIt() As Integer
    If Syscmd(SYSCMD_RUNTIME) = 0 Then
    ' use the following intrinsic constant for Microsoft Access 95 or 97
    ' If Syscmd(acSysCmdRuntime) = 0 Then
        Application.Quit
    End If
End Function

My next adventure is to:
 27.      How do I prevent users from holding down the SHIFT key to bypass the AutoExec macro?

which I'm just about to try and get working.

My security so far consists of:
1. Runtime mode, if executed from the shortcut. using sage key install

If they click on the .mdb file, and not the shortcut.
2. Database Password. If they get past this then,
3. User password with 0 rights. If they get past this then,
4. .mdb wil only open in runtime mode, using the KIllIt module, If they get past this then
5. USys Hides all databse objects, If they get past this then
6. Not sure

Thanks--Experts,



0
 
thenelsonCommented:
>But like every thing else I believe you learn more when you make mistakes and try different things and have to figure it out.

That is true for most things computer.  But there are a few things that if you don't do a bunch of reading first, you will probably create a mess that will take you a doay or two less than forever to back out of.  Some that come to mind is setting up a domain, setting up a server, group policy (especially pre W2002) and as you are finding out, Access ULS.  I'm sure there are others.

>How do I prevent users from holding down the SHIFT key to bypass the AutoExec macro?
You can find a demo database with shift bypass functions at: www.thenelson.name/#ShiftBypassDemo

The easiest way to disable the shift bypass is with an outside DB like
Access Property Editor http://www.jamiessoftware.tk (changes all the startup features)
or
http://home.comcast.net/~rhobrero/download/ByPass.zip created by capricorn1 (is an mdb, so you can modify it.)

Start Either one, select your DB, select disable shift bypass - your done.

Here is code for disabling the shift bypass:

Function DisAbleShift()

      Dim d As Database
      Dim prp As Property

      Set d = CurrentDb

      Set prp = d.CreateProperty("AllowBypassKey", dbBoolean, True)
      d.Properties.Append prp
      d.Properties.Refresh

      d.Properties("AllowBypassKey") = False

End Function

Put the code in a module, click your mouse anywhere in the function and press F5 (Run).  Close the database.  The shift bypass should now be disabled.

0
 
patentinvAuthor Commented:
Hi thenelson,

Wow your code for disabling the shift bypass, works great!!! Thanks,

I added that to my db with all the other security features like KillIt, which only allows .mdb files to run/open in runtime mode, now I can't even open this .mdb file, which is exactly what I wanted, glad it's a back up copy.

This is kinda fun, I feel like a I'm building a safe guard for the airlines trying to keep out terrorists, lol.
I Check there ID's, Check there pockets/baggage, make them walk through scanners/metal detectors, and if they are really (terrorists) and were slick enough to pass all these steps, they get to fly, but in my case they get to run, (runtime mode).
But hopefully they won't get to runtime mode and if they are really determined hackers and bypass runtime mode all my objects will be invisible (USys) preceding objects. hmmm, wish I could make a virus, that would run if they clicked on some thing while hacking around that would reformat there harddrive, lol.

I ask a simple question and with in a couple days with all your info. I feel like I've created a bullet proof .mdb file.


Thanks--Experts,

0
 
thenelsonCommented:
>I feel like I've created a bullet proof .mdb file.
Don't get over confident.  Access databases are pretty easy to hack into.

Concerning the shift bypass.  That is very easy to enable again.  Take a look at:
http://www.jamiessoftware.tk 
0
 
patentinvAuthor Commented:
I guess to have a positive attitude, I can look at jamies software as a way to get back in if I ever get locked out.

We'll so much for bullet proof, guess I'll head off to school.
When I get back I get to start making a Poor Mans Copy Right/Terms and Conditions.

Thanks--
0
 
thenelsonCommented:
To create an other security level to protect from utilities like jamies software, take a look at the AntiAllowBypassKey Function at the end of modShiftkeyFunctions module in www.thenelson.name/#ShiftBypassDemo
0
 
patentinvAuthor Commented:
Hi thenelson,

I'm not understanding, when I open this file it finds my login and your 1234 password is not accepted, so nothing seems to work.

hmmm, am I doing some thing wrong?

Thanks--patentinv
0
 
thenelsonCommented:
Did you disable the shift bypass, exit, then reenter the database with the shift bey held down?  The database should then ask for a password.  If you enter the right password, the database will enable the shift bypass - just a simple feature to demonstrate the technique.

The part I was referencing is the AntiAllowBypassKey Function at the end of modShiftkeyFunctions module.  I did not demonstrate this function since it would delete the database.
0
 
patentinvAuthor Commented:
Oh my bad, I did a no no and did not understand,

I see if I have the Shift-By-Pass-Key Not an option / (disabled) as I do (thanks to your provided code), and some-one try's to use a third party software (like jamies or Capricorn1) to re-enable the Shift-By-Pass-Key to hack there way into my db.
Your code prompts them for a password, instead of just re-enabling the Shift-By-Pass-Key. Wow this another great idea, and the other option you mentioned would be to delete the db, Instead of using a password, which is even better.

How come I can't see any of your objects, like forms, tables etc. in design view?
Your design view is different than any one I've ever seen.

I was looking for the AntiAllowByPassKey function at the end of the ModShiftKeyFuntion module, thats suppose to delete the db, if they try to re-enable the Shift-By-Pass-Key.

But you mention these functions will not work to keep third party softwares like capricorn1 and Jamies, from re-enabling the Shift-By-Pass-Key. That's to bad this is a great idea.

But they are usefull if you do need to re-enable the Shift-By-Pass-Key, to get back into my db.

Please explain if I missed some thing.  

Is this possible?
I've been tyrying to fugure a way to change the access icon key that shows on my .mdb file, but through long searching it appears it's not possible, I did change the shortcut icon, but if the user looks at the shortcut target they will be lead to the .mdb file and realize this program is made in access, I guess they would also be able to tell by .mdb extension, but I could probably hide that.


Thanks--thenelson, you are always very helpfull, and I really appreciate it..

patentinv





0
 
thenelsonCommented:
>How come I can't see any of your objects, like forms, tables etc. in design view?
Goto tools, startup.  Uncheck the items you don't want the user to have access to; restart the DB.

>I was looking for the AntiAllowByPassKey function at the end of the ModShiftKeyFuntion module, thats suppose to delete the db, if they try to re-enable the Shift-By-Pass-Key.
In the VB Editor, press Ctrl-R to goto the project explorer, click on the + in front of "modules", select ModShiftKeyFuntion.  

I uploaded a new version of ShiftBypassDemo which has a button in the read me form that will jump you to the code.

Please explain if I missed some thing.
No you didn't.
The AntiAllowByPassKey function is another layer of protection which will protect against someone enabling the shift bypass.

I just located some sites on software protection:
http://www.searchlores.org/protec/protec.htm
http://inner-smile.com/nocrack.phtml
http://www.activelock.com/index.html
0
 
patentinvAuthor Commented:
>The AntiAllowByPassKey function is another layer of protection which will protect against someone enabling the shift bypass.
Will this protect against 3rd party Companies Like Capricorn1 and jamies software
from re-anabling the ShiftByPass? I believe you mentioned no, because they modify the startup, but I'm not sure.

Oh you can hide project explorer, I see, I had to re-nable it: Tools-Options-Docking.
Thats a good idea, adds another layer of protection.

OK In startup I can remove all objects, from being displayed. All-right, Another layer security.

You Experts know all the tricks,

Thanks for the links, I think I'll take the afternoon off, and I'll take a look at the links this evening, It's finally not raining here.


Thanks--thenelson

patentinv
0
 
patentinvAuthor Commented:
Oh I got a little peak at your Code that deletes the DB if the antibypass is enabled,
I'm going to look at it better and try it, this evening.  Great Idea !!!

Thanks--thenelson

patentinv
0
 
thenelsonCommented:
>The AntiAllowByPassKey function is another layer of protection which will protect against someone enabling the shift bypass.
Will this protect against 3rd party Companies Like Capricorn1 and jamies software from re-anabling the ShiftByPass?
No & yes.  It will not prevent enabling shift bypass but you call AntiAllowByPassKey from the on open events of all your forms and reports so if the shift bypass is enabled, the database will be deleted as soon as the user opens a form or report.  You want to rename AntiAllowByPassKey to something obscure to make it harder to find.
0
 
patentinvAuthor Commented:
I pasted the code below in the on open procedure of one of my forms but recieved an error It highlighted this line
Private Sub Form_Open(Cancel As Integer)
And said expected end sub

Not sure why?

I also tried calling your function from the on open form procudere, But recieved an error saying. (Expected Variable or Procedure, not Module)
Here's how I called it
Private Sub Form_Open(Cancel As Integer)
Call AntiAllowbypasskey
End Sub

hmmm, It would be nice to add this other layer of security, but I'm feeling pretty confident that most users won't be able to get by my first few layers of security, unless an expert like you or some one equivalent wants it, I think I'm OK, plus even if your code deletes my db and they want my db bad enough they will down load it again and figure there way around this security feature.

But the more the security the better.

Here's the code I Pasted into one my forms in the on open procedure,

Public Function AntiAllowBypassKey()
Dim fs As Object, f As Object, ts As Object, I As Integer

If CurrentDb.Properties("AllowBypassKey") = False Then Exit Function

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next
DoCmd.Quit

End Function

Like I think, I've mentioned before I'm not good with code, so when I recieve errors I get easily confused on what to do to correct these errors, I hate to be under your mercy, but unfortunatly that's is the case.

Thanks--thenelson

patentinv
0
 
patentinvAuthor Commented:
Sitting here thinking about where to place your code?

It would make most sense to add it to a module so it can be called from all forms and report, Instead of having to place all that code in each form and report.

But it's just a guess.

patentinv
0
 
thenelsonCommented:
>It would make most sense to add it to a module so it can be called from all forms and report,
Yes
0
 
patentinvAuthor Commented:
I thought so, so now at least O know to put it in module and callit, hmmmm,
The error says'
(Expected Variable or Procedure, not Module)
Here's how I called it,
Private Sub Form_Open(Cancel As Integer)
Call AntiAllowbypasskey
End Sub

I'll try and trouble shout this error,
It must not recognize the name it's called by (AntiAllowbypasskey)? or
I'm calling it wrong, (Call AntiAllowbypasskey), or
Maybe thats not the name of the function? hmmm, or I don't have your code
placed in module correctly? here is how it is placed in the module.

Public Function AntiAllowBypassKey()
Dim fs As Object, f As Object, ts As Object, I As Integer

If CurrentDb.Properties("AllowBypassKey") = False Then Exit Function

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next
DoCmd.Quit

End Function

Anyways back to the actual error mesage,The error says'
(Expected Variable or Procedure, not Module)

It must think I'm calling a variable or a Procedure, but the code is placed in a
Module, so I must be calling a module, but it sounds like it wants or expects a variable or a procedure, could this be the batch file you refer to in your code?
I typed the error into google says I can't call a module.

I'm getting closer I renamed the saved module to something different now its calling the function, not the module, but now I'm getting an error highlights this line and it says (property not found)
 If CurrentDb.Properties("AllowBypassKey") = False Then

Any Suggestions?

I just got office 2003 Pro and frontpage 2003, I get to load them.

Any help will be greatly appreciated,

Thnaks--thenelson

patentinv



0
 
thenelsonCommented:
Change the function to

Public Function AntiAllowBypassKey()
Dim fs As Object, f As Object, ts As Object, I As Integer

On Error GoTo AntiAllowBypassKey_Error
If CurrentDb.Properties("AllowBypassKey") = False Then Exit Function

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next
DoCmd.Quit

AntiAllowBypassKey_Error:
If Err = 3270 Then
   'AllowBybassKey property does not exist
   db.Properties.Append _
   db.CreateProperty("AllowBypassKey", _
   dbBoolean, rbFlag)
   Resume
Else
   'Some other error
   MsgBox "Unexpected error: " & Error$ & " (" & Err & ")"
End If
End Function
0
 
thenelsonCommented:
Oops, change the function to:

Public Function AntiAllowBypassKey()
Dim fs As Object, f As Object, ts As Object, I As Integer
Dim db As Database

On Error GoTo AntiAllowBypassKey_Error
If CurrentDb.Properties("AllowBypassKey") = False Then Exit Function

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next
DoCmd.Quit

AntiAllowBypassKey_Error:
If Err = 3270 Then
   'AllowBybassKey property does not exist
   Set db = CurrentDb
   db.Properties.Append _
      db.CreateProperty("AllowBypassKey", _
      dbBoolean)
   Resume
Else
   'Some other error
   MsgBox "Unexpected error: " & Error$ & " (" & Err & ")"
End If
End Function
0
 
patentinvAuthor Commented:
Good Morning thenelson,

OK, I just placed the new posted function in the module, and called it from the on open of one of my forms,
I recieved this error message
Runtime error 3386
Property Value must be set before using

And it highlighted this line in the code:
db.Properties.Append _
      db.CreateProperty("AllowBypassKey", _
      dbBoolean)

hmmm, OK, not sure what this means maybe I need to assign a value to "AllowBypassKey"? just a guess!!

It almost ran were closer, Any ideas?

Question?
This function will delete the db if the shiftbypasskey is enabled?
So I need to be testing it on a db with the shiftbypasskey enabled?
How access is by default?

I just noticed some thing, once the shiftbypass code is ran, I can't disable it.
Here's the code that enables it, I hit f-5 to run it,
Function DisAbleShift()

      Dim d As Database
      Dim prp As Property

      Set d = CurrentDb

      Set prp = d.CreateProperty("AllowBypassKey", dbBoolean, True)
      d.Properties.Append prp
      d.Properties.Refresh

      d.Properties("AllowBypassKey") = False

End Function

I've never had to use the shiftbypass key to get in, but if I ever do, what will I do?

I'm glad all this is happening now I get to see how it will actually work in real time,
Maybe I'll be getiing in touch with Jamies or Capricorn1, wanting there software to re-enable the shiftbypass. lol

I have plenty of backups 4 different computers of course networked with Raid scuzzy harddrives in the server, The main server (Novell) has 6 hardrives all mirrored with full duplexing, and the workstations have 2-3 IDE harddrives. That reduntly get backed up to a diskdrive, using cheyennes ARC Serve.

So I'll be working on backup copy's of the db.

Thanks--thenelson

patentinv

0
 
thenelsonCommented:
db.Properties.Append _
      db.CreateProperty("AllowBypassKey", _
      dbBoolean, False)
0
 
patentinvAuthor Commented:
I pasted that code in the procedure, I did not recieve any errors but it did not delete my db but it did enable the shift bypass key,

hmmm,

Any suggestions?

Gotta go to school,

Thanks--thenelson

patentinv
0
 
thenelsonCommented:
If the AllowByBypassKey property is not created, the code will create it.  The next time the code runs, the property will be there and the database will be deleted.  You can eliminate this behavior by creating the property (by running this code or the enable/disable code) before shipping the database.
0
 
patentinvAuthor Commented:
hmmm, I must be missing some thing, when I run your code it creates/turns on the antibypasskey, but it never deletes the db. I did as you instructed and ran it a bunch times it never deletes the db?

I did get the password that enables the AntiBYPassKey to work and the Disable AntiBYPassKey to work, so now I can get into the db's if I need to. That is a great idea!!!

Any suggestions?

Thanks--patentinv
0
 
patentinvAuthor Commented:
I'm tring to think of a scenario when I would need to use the shiftbypasskey, I'm pretty convinced it would be in a scenario when the db would freeze and not open up, but I'm not sure.

But I'm sure there's a good reason for it, maybe its like safe mode for windows?

Just wondering?

Thanks--pateninv
0
 
thenelsonCommented:
hmmm, I must be missing some thing, when I run your code it creates/turns on the antibypasskey, but it never deletes the db. I did as you instructed and ran it a bunch times it never deletes the db?
I just tried it and it worked fine.  Did you single step through the code to see what it is doing.

If you have disabled items in the startup dialog, you would use the shift bypass to open the database so you can do further development on it.  I use shift bypass all the time.   Safe mode for Access 2002+ is starting a database with the control key held down.
0
 
patentinvAuthor Commented:
I've never stepped through the code, I've heard about it, How do you do this?

Maybe it just won't work in my case, might be some thing in my db, thats different than yours, make sure you are working on a backup if you are using the delete db code.

I feel pretty good about the security I have implemented, so it's not a big deal, if it won't work in my case.

I see, you can go directly to the objects you are working on instead of having to close the switchboard/opening form, and then going to the objects, good idea!! Maybe I'll start to do that. Your enable disable shiftbypass code makes all this really easy!!

Really, it's called safe mode in access 2003, what a coincidence.

We'll I'd better get back to finishing my template form, I made a template form for the contract/proposal form so the users can just copy and paste there services to be performed from the template form to the contract/propsal form. Now they will only need to change the price and maybe a few key words. It's just a  form with
a bunch of memo boxes labeled according to the different services that will be performed.

Thanks--thenelson

patentinv


0
 
thenelsonCommented:
Since it is a function in a global module, place your cursor anywhere in the procedure and press F8.  The line of code that is active will hightlight in yellow.  Keep pressing F8 to see where the code goes.
0
 
patentinvAuthor Commented:
I see  F8 steps through the code line by line, I'm guessing its simulating the actual call/run command?

It stopped at Next, as shown below.
For I = 1 To 30000
Next
DoCmd.Quit

Here's the code:

Public Function AntiAllowBypassKey()
Dim fs As Object, f As Object, ts As Object, I As Integer
Dim db As Database

On Error GoTo AntiAllowBypassKey_Error
If CurrentDb.Properties("AllowBypassKey") = False Then Exit Function

Set fs = CreateObject("Scripting.FileSystemObject")
'Create a file, overwrite if it already exists
fs.CreateTextFile "eraseme.bat", True
Set f = fs.GetFile("eraseme.bat")
Set ts = f.OpenAsTextStream(2, 0)

'create the lines in the batch file
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
ts.Close

'Run the batch file
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide

'Wait for the batch file to start then quit
For I = 1 To 30000
Next             < Here it gets hung up
DoCmd.Quit

AntiAllowBypassKey_Error:
If Err = 3270 Then
   'AllowBybassKey property does not exist
   Set db = CurrentDb
   db.Properties.Append _
      db.CreateProperty("AllowBypassKey", _
      dbBoolean, True)

   Resume
Else
   'Some other error
   MsgBox "Unexpected error: " & Error$ & " (" & Err & ")"
End If
End Function
 

It gets hung up at the batch file, Do I need a batch file called eraseme.bat?  but then it appears as if it is suppose to make one form me.

It's a kinda of debugger. But I don't see any error messages.


Any suggestions?

patentinv
0
 
thenelsonCommented:
>I'm guessing its simulating the actual call/run command?
Not simulating.  It is actually running the code one line at a time.

It doesn't stop at Next.
For I = 1 To 30000
Next
Loops through 30000 times.  You would need to press F8 30000 x 3 Lines or 90,000 times to get through those lines.  To get past those lines, you put your cursor on the line
DoCmd.Quit
Press F9 to set a break point on the line and then press F5 to run the code to the break.

>It gets hung up at the batch file,
It must not get hung up at that line since it reaches the For-next loop.

fs.CreateTextFile "eraseme.bat", True
will create a file called eraseme.bat in the default folder.  Run a search through the entire hard drive to find it.  when you find it, double click on it to run it with the database closed to see if the database is deleted after a 20 second delay.  If the database deletes, you know the code is working up to there.

The next thing to test is the line
Shell Chr$(34) & "eraseme.bat" & Chr$(34), vbHide
change it to
Shell Chr$(34) & "eraseme.bat" & Chr$(34)
place a code break on it.
change the lines
ts.WriteLine ("ping 1.1.1.1 -w 20000 -n 1")  'wait twenty seconds
ts.WriteLine ("Del """ & CurrentProject.Path & "\" & CurrentProject.Name & Chr(34))
to
ts.WriteLine ("Echo I'm here!")  
ts.WriteLine ("Pause")
Press F5 then press F8.  You should get a DOS window to open with "I'm here!", "Press any key to continue" displayed.  If you do, return the code back to what it was, with no code breaks and the curser in the procedure, press F5.  The database should close and then be deleted 20 seconds later.
0
 
patentinvAuthor Commented:
>will create a file called eraseme.bat in the default folder.  Run a search through the entire hard drive to find it.  when you find it, double click on it to run it with the database closed to see if the database is deleted after a 20 second delay.  If the database deletes, you know the code is working up to there.

How many databases will this delete?

I found it, not to sure if i want to run it.

thanks--patentinv
0
 
thenelsonCommented:
open it up it note pad.
0
 
patentinvAuthor Commented:
I'll let one of my class mates open it ip it note pad.


patentinv
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 23
  • 20
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now