[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ACCESS 2007 - preventing import or link; hidden objects

Posted on 2011-05-10
12
Medium Priority
?
483 Views
Last Modified: 2012-05-11
I am testing an ACCESS 2007 database which has a custom password (VBA code) system where depending in the password you are able to do certain procedures with the database (ie. FULL ACCESS = add/edit/view reports; PARTIAL ACCESS = only view reports).  Tables and certain other objects are hidden and VBA code prevents an intruder from holding 'SHIFT' key to bypass password screen/system.  However, I am finding that since some of the users share the ACCESS software on a server, if an intruder would turn on the viewing of hidden objects; he/she could import the tables/objects from the database that I am trying to protect.

Any ideas on how to prevent this??
0
Comment
Question by:CSha
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 21
ID: 35729731
<< I am finding that since some of the users share the ACCESS software on a server>>
An Access front end shoulc never be shared. Each use should have tier own copy of the front end.


<,if an intruder would turn on the viewing of hidden objects; he/she could import the tables/objects from the database that I am trying to protect.

Any ideas on how to prevent this?? >>
The short answer is you can't.
0
 
LVL 12

Assisted Solution

by:danishani
danishani earned 664 total points
ID: 35729743
Best practises is to create a Runtime version of your database.
And on top of that create an ACCDE version as well.

This combination protects your database for being exposed to intruders.

See for more info this at HightechCoah.com:
http://www.hitechcoach.com/index.php?option=com_content&view=article&id=62:what-is-the-access-runtime-version&catid=7:runtime-version&Itemid=9

HTH,
Daniel
0
 
LVL 21
ID: 35729806
Unfortunately it is easy to crack an Access database. For example: the bypass key is very is to enable. As you have seen it it easy to import the table objects.

Using a MDE/ACCDE with a SQL server back end can be made more secure than an JET/ACE (Access) back end.

I do have some stuff on my web site that might help:

vPPC Toolkit for 2007

Splitting your Access database into application and data

0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 5

Expert Comment

by:MikeAHogan
ID: 35729817
You can also set the tables as completely hidden, this way they cannot view the objects to import them.

Dim tbl1 As TableDef

For Each tbl1 In CurrentDB.TableDefs
    tbl1.Attributes = dbHiddenObject
Next

You should run this on the front and back end to completely hide them.
This will prevent the import, but does make it harder to work on the tables yourself as you cannot view them to add to queries.
0
 

Author Comment

by:CSha
ID: 35730028
I have never been successful using the Runtime version of ACCESS.  Maybe that needs to be revisited.  Isn't the Runtime version built into 2007 or is it necessary to purchase a Developer Edition?

That is an interesting comment (and code) from MikeAHogan about completely hiding the tables but how would I unhide a completely hidden table if I need to make changes???

Thank you for all your help....  
0
 
LVL 21
ID: 35730115
I do use MikeAHogan suggestion. After creating an MDE/ACCDE  I run code in the new front end to sett all the tables to hidden.

Here is is code to hide and also unhide a table::

Public Sub HideTable(strTablename As String)
    With CurrentDb
        With .TableDefs(strTablename)
            .Attributes = .Attributes Or dbHiddenObject
        End With
    End With
    RefreshDatabaseWindow
End Sub
    
  
Public Sub UnHideTable(strTablename As String)
    With CurrentDb
        With .TableDefs(strTablename)
            If dbHiddenObject = (.Attributes And dbHiddenObject) Then
                .Attributes = .Attributes - dbHiddenObject
            End If
        End With
    End With
    RefreshDatabaseWindow
End Sub

Open in new window



I try to put up as many road blocks as possible to hopefully discourage anyone from trying to crack my application. Hopefully after hitting enough road blocks they give up. You also have to be concerned that your protection scheme does not have a negative performance hit.

I also encrypt sensitive data like passwords, a person information that could be used if ID theft, etc.
0
 
LVL 5

Expert Comment

by:MikeAHogan
ID: 35730498
To unhide them you can run the same code with a change

Dim tbl1 As TableDef

For Each tbl1 In CurrentDB.TableDefs
    tbl1.Attributes = 0
Next
0
 
LVL 21
ID: 35730521
I run all my Access front ends with Access in runtime mode. Using the Access runtime does require the developer to do more work  like in most other development platforms. It is still a lot less work than developing in VB/C/C++ and .NET.

Daniel posted a link to an article about the Access runtime.
0
 

Author Comment

by:CSha
ID: 35730639
I appreciate all the comments.

However, after further thought I am not sure if I could use MikeAHogans hidden code.

If an intruder opens a blank database, unhides hidden objects in that database, and then imports tables from the database that has confidential info .... I am not sure the hidden tables code would work.  It looks like it would work if they approach the database from the front end or the back end, but if they use a blank database .... what do you think?

I will try and revisit the Runtime option again after reading Daniel's article.
0
 
LVL 21

Accepted Solution

by:
Boyd (HiTechCoach) Trimmell, Microsoft Access MVP earned 668 total points
ID: 35730885
CSha,

Setting the table attribute to dbHiddenObject will definitely hide the tables from using a blank database and trying to import the table objects. That is exactly why I do it.  The only way to see them is to unhide them  is with VBA code.

Using the Runtime is just another layer of protection. I like it because they can't get to the navigation pane/database window. It is disabled. Setting the tables to hidden objects  help if the database is opened without using the Access in runtime.

Hope you found my article What is the Access Runtime Version?   helpful.

Boyd Trimmell aka HiTechCoach  ( http://hitechcoach.com )
Microsoft MVP - Access Expert
0
 
LVL 5

Assisted Solution

by:MikeAHogan
MikeAHogan earned 668 total points
ID: 35731128
You cannot import the objects into a blank database once they are hidden this way.  There is nothing to select when trying to import.
0
 

Author Comment

by:CSha
ID: 35731259
Thank you all for your comments!  I am going to try the hiding/unhiding in code and also further investigate using ACCESS Runtime Version.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has changed the look and feel of Azure AD and Microsoft account sign-in pages so that you will have a more unified look and feel when moving between the two interfaces.
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question