We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Access 2000 MDB security - Password or Group Level Security using VB6?

Medium Priority
442 Views
Last Modified: 2012-05-11
I would like to attach security to an Access 2000 MDB that is part of an application that will be released shortly for distribution to a group of customers.

I have looked at Access password security and also Group Level security.

Was wondering if one method offers more security than the other?

The application using Access 2000 mdb is a VB6 desktop program.

Is it even possible to use the Group Level security method that would allow access from within the VB6 program when the MDB is opened by passing the Group Level password?

Thanks for any input here.
Comment
Watch Question

Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Commented:
I forgot to mention, in addition to the userid/password, the connection string must identify the access .mdw file with the "SystemDB=path_to_your_workgroup_file" parameter.

I don't think one method is any more secure than the other and, truth-be-told, neither is very secure.  However, administering security at the group level is usually less work.
Scott McDaniel (EE MVE )Infotrakker Software
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
After reviewing the comments and further research on this I wanted to add some additional information and indicate what I think the approach of adding security should be.

 I appreciate your input and any additional comments that might be offered. The link provided for additional access security was very helpful.

The VB6 program provides userid and password security internally to limit access to the data
provided from within the program. It provides for an Administrator and sub users the ability
to enter their ID and associated password. Only the Administrator may add user ids

This would prevent anyone without a password from accessing the data from within the program.

The purpose of considering Access Password security would be to protect the user passwords from
compromise thru viewing the access table containing User IDs and Passwords by running Access directly.

Now my thinking is that we should encript the user passwords before placing  in the proper table.

Also, we would like to protect the proprietary structure and identity of the various tables and fields.

Our approach would be to add the password facility directly using the Access 2000 program itself prior to releasing the software for sale.

The software program would be modified to pass the access password with the connection string.

Thanks for your comments.  Really appreciate your help here.

Scott McDaniel (EE MVE )Infotrakker Software
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014

Commented:
The Access 2000 password is easily broken, and in fact there are hundred of free programs available that will do this, so please don't think that setting the Access password is any form of real security.

Your approach, as stated above, should work to keep the overwhelming majority of people out of your data - it'll keep honest people honest, in other words :)).  If someone wants to get at your data, it'd take them about 30 seconds to find a program, download it and run it, so just be aware of this as you move forward.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.