Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Access 2000 MDB security - Password or Group Level Security using VB6?

Posted on 2011-04-22
5
Medium Priority
?
419 Views
Last Modified: 2012-05-11
I would like to attach security to an Access 2000 MDB that is part of an application that will be released shortly for distribution to a group of customers.

I have looked at Access password security and also Group Level security.

Was wondering if one method offers more security than the other?

The application using Access 2000 mdb is a VB6 desktop program.

Is it even possible to use the Group Level security method that would allow access from within the VB6 program when the MDB is opened by passing the Group Level password?

Thanks for any input here.
0
Comment
Question by:morrisbo
  • 2
  • 2
5 Comments
 
LVL 42

Accepted Solution

by:
dqmq earned 1000 total points
ID: 35452046
With a VB6 application, security credentials are passed in the connection string. So, you will pass a userid/password that is established by the VB6 application.  That user will then gain it's own permissions plus those granted to any group it is a member of.  

If you want to forgo individual userids, then you can certainly share a "group" userid amongst many individuals and just pass that in the connection string.
0
 
LVL 42

Expert Comment

by:dqmq
ID: 35452166
I forgot to mention, in addition to the userid/password, the connection string must identify the access .mdw file with the "SystemDB=path_to_your_workgroup_file" parameter.

I don't think one method is any more secure than the other and, truth-be-told, neither is very secure.  However, administering security at the group level is usually less work.
0
 
LVL 85

Assisted Solution

by:Scott McDaniel (Microsoft Access MVP - EE MVE )
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 1000 total points
ID: 35452932
As dqmq said, both methods are not overly secure, but with ULS you'd have more control over individuals. For example, if you have Manager group, and that group should be the only one who can review the data in tblEmployees, then you can define that using ULS.

ULS is quite tricky, and in general it's not something that is easy to install after the fact. This is generally something that is done during development, since it can take quite a bit of time to fully implement and test. That said. in order to correctly implement security on your Access database, see this page:

http://www.jmwild.com/Accesssecurity.htm

Once you do that, you can then implement the methods suggested by dqmq to properly connect to your secured Access database.



0
 

Author Comment

by:morrisbo
ID: 35456533
After reviewing the comments and further research on this I wanted to add some additional information and indicate what I think the approach of adding security should be.

 I appreciate your input and any additional comments that might be offered. The link provided for additional access security was very helpful.

The VB6 program provides userid and password security internally to limit access to the data
provided from within the program. It provides for an Administrator and sub users the ability
to enter their ID and associated password. Only the Administrator may add user ids

This would prevent anyone without a password from accessing the data from within the program.

The purpose of considering Access Password security would be to protect the user passwords from
compromise thru viewing the access table containing User IDs and Passwords by running Access directly.

Now my thinking is that we should encript the user passwords before placing  in the proper table.

Also, we would like to protect the proprietary structure and identity of the various tables and fields.

Our approach would be to add the password facility directly using the Access 2000 program itself prior to releasing the software for sale.

The software program would be modified to pass the access password with the connection string.

Thanks for your comments.  Really appreciate your help here.

0
 
LVL 85
ID: 35458911
The Access 2000 password is easily broken, and in fact there are hundred of free programs available that will do this, so please don't think that setting the Access password is any form of real security.

Your approach, as stated above, should work to keep the overwhelming majority of people out of your data - it'll keep honest people honest, in other words :)).  If someone wants to get at your data, it'd take them about 30 seconds to find a program, download it and run it, so just be aware of this as you move forward.
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have had my own IT business for a very long time. I started mostly with hardware and after about a year started to notice a common theme. I had shelves with software boxes -- Peachtree, Quicken, Sage, Ouickbooks -- and yet most of my clients were…
Implementing simple internal controls in the Microsoft Access application.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question