Input on securing FE/BE access database

Posted on 2011-10-07
Medium Priority
Last Modified: 2012-08-13
Hi Experts, I have a FE/BE Access db application that I want to tighten up. The BE is on a network share, and right now any user who has access to the share can open the BE and mess with it. Not good.

I am using Access 2007, and the BE is an .accdb.

Here is the simple version of what I am trying to do, and I would appreciate input from anyone who can see a gaping hole in this model:

1) "Encrypt with password" the BE

2) Make user-specific Front-end "template" files to be copied down to users local machine. These are password-encrypted.

3) Make a "management" db that has a table of users, the path to their Front-end template, and the password for the template. This is also password-encrypted.

4) Make a "trigger" db (containing code module only) which the user uses to launch the application. This would connect to the users table in the management db using ADO, and would be distributed as an .accde so it is not possible to find out the password to the management db.

5) When user opens the "trigger" db, it gets their network login name, connects to the managment db to determine the appropriate FE template and password, creates an .accde FE on the local machine, and opens it for the user.

I think I can basically achieve pass-through authentication this way... fingers crossed! If anyone tries to open either a FE or the BE without using the launcher, they will be presented with the "passord required" box.


Question by:McOz
1 Comment
LVL 85

Accepted Solution

Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 2000 total points
ID: 36930999
Assuming that you have different passwords for the "launcher" database and the "live" database, then this sounds as if that's about as secure as you can get with an Access backend. In effect, your enduser would have no knowledge of the actual password being used for the Backend database, which should preclude all but the most determine users from getting to the data.

Note however that once that BE is opened through table links and such, a knowledgeable user could use the GetObject("Access.Application") method to "grab" that object, and would have full access to the tables. This would be a very, very remote possibility, of course, but just be aware that is the one exploit that sometimes crops up (but again, very rarely).

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question