Access and Secure compared to Oracle?
When someone says (from IT) that Access is not a secure platform what do you think they mean?
This is in comparison to another db that is running on Oracle called CSM.
I would think that if you can hack into Access then it is not the fault of Access but the security of the network?
this was an email from IT:
While CSM seems to be a bit less user-friendly than the Access database, it is written on a supported Oracle platform and is supported and maintained by IT. The maintenance includes regular backups of the server and data, and the structure of the application itself plus the fact that it resides in an Oracle database ensures that the information stored there is secure. Oracle application security is applied to all users of the system.
The Access database appears to be straight-forward to use and has good, quick reports. However, Access, as a general rule, is not very secure. The application is being stored on the C: drive of his computer, which is not backed up and risks corruption. Even if the application were stored on a network drive that is backed up, there are multiple ways to access the information without going through the front-end that he created. It is very difficult to ensure that data kept in an Access database is truly secure. Finally, IT, as a rule, does not support Access databases. Should something happen to the application, you would not be able to call on IT for quick support.
From a security point of view, It is my recommendation that you continue to use the CSM application.
This is in comparison to another db that is running on Oracle called CSM.
I would think that if you can hack into Access then it is not the fault of Access but the security of the network?
this was an email from IT:
While CSM seems to be a bit less user-friendly than the Access database, it is written on a supported Oracle platform and is supported and maintained by IT. The maintenance includes regular backups of the server and data, and the structure of the application itself plus the fact that it resides in an Oracle database ensures that the information stored there is secure. Oracle application security is applied to all users of the system.
The Access database appears to be straight-forward to use and has good, quick reports. However, Access, as a general rule, is not very secure. The application is being stored on the C: drive of his computer, which is not backed up and risks corruption. Even if the application were stored on a network drive that is backed up, there are multiple ways to access the information without going through the front-end that he created. It is very difficult to ensure that data kept in an Access database is truly secure. Finally, IT, as a rule, does not support Access databases. Should something happen to the application, you would not be able to call on IT for quick support.
From a security point of view, It is my recommendation that you continue to use the CSM application.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
"I would think that if you can hack into Access then it is not the fault of Access but the security of the network? "
No. It's Access for sure.
Send me an A2003 mdb with password and I will send the password right back to you :-)
mx
No. It's Access for sure.
Send me an A2003 mdb with password and I will send the password right back to you :-)
mx
<DO NOT GRADE>
If you think Access itself is secure, then simply GOOGLE "ACCESS SECURITY CRACK" and see how many links you get back.
This has nothing whatsoever to do with the security of your network, and everything to do with Access native security. I would NEVER use Access for an enterprise wide application.
Just my 2-cents worth.
</DO NOT GRADE>
AW
If you think Access itself is secure, then simply GOOGLE "ACCESS SECURITY CRACK" and see how many links you get back.
This has nothing whatsoever to do with the security of your network, and everything to do with Access native security. I would NEVER use Access for an enterprise wide application.
Just my 2-cents worth.
</DO NOT GRADE>
AW
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok i understand. I do believe that some like to think that their data is SO important that it will be the end if the world if someone knows what their data says. of course some data is very impt to lock down but in this case it is not. There is more to this story. The group i work in is small and ab access db is perfect.
But i still think that Accesa is as secure as your network. You first have to pass the network i think. Let me know what you think about that.
These people believe that they need the security to keep people from getting in the db and "Issuing" letters of credit and bonds all over yhe world. These people dont understand that the data inside the access db has already been approved many times over and they dont understand the data is not connected to a Bank.... Just internal like excel. They think they need to APPROVE the issuance of any LC that is enteres in access which is duplication because they have already been approved. This security is what they wanted in Access...to approve LC already been approved.
But i still think that Accesa is as secure as your network. You first have to pass the network i think. Let me know what you think about that.
These people believe that they need the security to keep people from getting in the db and "Issuing" letters of credit and bonds all over yhe world. These people dont understand that the data inside the access db has already been approved many times over and they dont understand the data is not connected to a Bank.... Just internal like excel. They think they need to APPROVE the issuance of any LC that is enteres in access which is duplication because they have already been approved. This security is what they wanted in Access...to approve LC already been approved.
"But i still think that Accesa is as secure as your network. You first have to pass the network i think. Let me know what you think about that. "
For anyone on a local workstation to use an Access DB on a network, that user must have full Read/Write/Modify/Delete permissions on the Folder on the server that contains the back end db. So, there is no 'security' in this context. Only what you can provide via a db password or ULS (prior to A2007)
I see you got your old user name back :-)
mx
For anyone on a local workstation to use an Access DB on a network, that user must have full Read/Write/Modify/Delete permissions on the Folder on the server that contains the back end db. So, there is no 'security' in this context. Only what you can provide via a db password or ULS (prior to A2007)
I see you got your old user name back :-)
mx
>>> But i still think that Accesa is as secure as your network.
well, sort of. Since Access itself is not secure, then yes, anybody that can get through your network effectively has privileges on your access db.
Conversely, if you use Oracle. You need to be able to log in, if you have network security too, that just adds another layer.
As for what your access db is used for. if you run a business process from the data, then it has importance.
Maybe the data is already approved somewhere else, maybe the data can be restored from some other source too.
But, those other approvals and other sources aren't what you are using. You are doing something for your business using that data
therefore you have imparted value to it. Since it has value, it should be secured.
If you're simply storing your angry birds high scores then access is fine.
either way the importance of the data and whether it "should" be secured is sort of irrelevant to the question of whether it "can" be secured
well, sort of. Since Access itself is not secure, then yes, anybody that can get through your network effectively has privileges on your access db.
Conversely, if you use Oracle. You need to be able to log in, if you have network security too, that just adds another layer.
As for what your access db is used for. if you run a business process from the data, then it has importance.
Maybe the data is already approved somewhere else, maybe the data can be restored from some other source too.
But, those other approvals and other sources aren't what you are using. You are doing something for your business using that data
therefore you have imparted value to it. Since it has value, it should be secured.
If you're simply storing your angry birds high scores then access is fine.
either way the importance of the data and whether it "should" be secured is sort of irrelevant to the question of whether it "can" be secured
ASKER
< So, there is no 'security' in this context.
If someone hacked into the Access wouldnt that mean they first must hack into the Network?
You are sating that wherever yhe BE is the hacker can have acces to that directory possibly? I am thinking if they are adept enough to hack the network then they can hack into any directory they want and not need Access to help with that.
If someone hacked into the Access wouldnt that mean they first must hack into the Network?
You are sating that wherever yhe BE is the hacker can have acces to that directory possibly? I am thinking if they are adept enough to hack the network then they can hack into any directory they want and not need Access to help with that.
you're right the network does act as a wall, and Access does not, which basically proves the point.
your question wasn't "is my network secure compared to oracle"
your question was comparing access security to oracle security - and access fails in that comparison
your question wasn't "is my network secure compared to oracle"
your question was comparing access security to oracle security - and access fails in that comparison
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I see. I understand it now. I do agree that Access is not secure. The alternative we have here is an awful old db that some people this is OK. It takes an enormous amount of time to enter data in this db where in access it is done in seconds. Just say for instance their db requires entry of the Amount more than 15 times in separate forms and it is an inefficient use of time. It takes me 30 minutes to enter data where as Access is about 30 seconds. I would be willing to sacrifice a little security to increase efficiency and especially if the data is not as cofidential as other data is. If the data housed financials or somethign like that then I wouldnt want it in Access.
Oh well this has been a 3 month battle at this place and it ended today. I will be drinking a lot tonight. I am going to leave early!
thanks for the comments. I am sure no one is opposed to splits.
Oh well this has been a 3 month battle at this place and it ended today. I will be drinking a lot tonight. I am going to leave early!
thanks for the comments. I am sure no one is opposed to splits.
glad we could help.
one last note...
>>>> It takes an enormous amount of time to enter data in this db
That's not the db, it's the application. Oracle is plenty fast. but if there is a poor interface, that's not Oracle's fault.
If your access app has a nice set of forms for data entry, that's not Access's credit either.
one last note...
>>>> It takes an enormous amount of time to enter data in this db
That's not the db, it's the application. Oracle is plenty fast. but if there is a poor interface, that's not Oracle's fault.
If your access app has a nice set of forms for data entry, that's not Access's credit either.
As a strange side note...
Can you create the forms to quickly enter the data in Access, but use the Oracle tables? That might make everyone happy.
Can you create the forms to quickly enter the data in Access, but use the Oracle tables? That might make everyone happy.
Depending on exactly how your access db is setup, there may be no security at all. or weak security at best
Plus, access db's typically are fairly small, and as such could be copied to someone's usb drive and taken home in their pocket to apply hacking tools.
An oracle db could "in theory" also be stolen that way, but it's more difficult