Access and Secure compared to Oracle?

When someone says (from IT) that Access is not a secure platform what do you think they mean?

This is in comparison to another db that is running on Oracle called CSM.  
I would think that if you can hack into Access then it is not the fault of Access but the security of the network?  

this was an email from IT:
While CSM seems to be a bit less user-friendly than the Access database, it is written on a supported Oracle platform and is supported and maintained by IT.  The maintenance includes regular backups of the server and data, and the structure of the application itself plus the fact that it resides in an Oracle database ensures that the information stored there is secure.  Oracle application security is applied to all users of the system.  

The Access database appears to be straight-forward to use and has good, quick reports.  However, Access, as a general rule, is not very secure.  The application is being stored on the C: drive of his computer, which is not backed up and risks corruption.  Even if the application were stored on a network drive that is backed up, there are multiple ways to access the information without going through the front-end that he created.  It is very difficult to ensure that data kept in an Access database is truly secure.  Finally, IT, as a rule, does not support Access databases.  Should something happen to the application, you would not be able to call on IT for quick support.

From a security point of view, It is my recommendation that you continue to use the CSM application.
pdvsaProject financeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
They mean exactly that.  It is in no way secure.
Password AND ULS (prior to A2007) are *easily* hacked with MANY tools on internet.
A2007/10 in fact no longer supports User Level Security (ULS) in the ACCDB format.

It's just that simple.  I should note that ... the password in A2007/10 however is *supposed* to be more secure ... fwiw.

mx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sdstuberCommented:
Your IT email is correct.

Depending on exactly how your access db is setup,  there may be no security at all. or weak security at best

Plus, access db's typically are fairly small, and as such could be copied to someone's usb drive and taken home in their pocket to apply hacking tools.

An oracle db could "in theory" also be stolen that way, but it's more difficult
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
"I would think that if you can hack into Access then it is not the fault of Access but the security of the network? "

No. It's Access for sure.

Send me an A2003 mdb with password and I will send the password right back to you :-)

mx
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Arthur_WoodCommented:
<DO NOT GRADE>

If you think Access itself is secure, then simply GOOGLE "ACCESS SECURITY CRACK" and see how many links you get back.

This has nothing whatsoever to do with the security of your network, and everything to do with Access native security.  I would NEVER use Access for an enterprise wide application.

Just my 2-cents worth.
</DO NOT GRADE>

AW
johnsoneSenior Oracle DBACommented:
Why do you want to use Access?  Is it because of the ease of creating reports?

If so, then use Access for reporting and connect it to the Oracle database.  Make sure you use a read only account.  Then you get the best of both worlds so to speak.  Personally, I don't recommend this as the queries that Access write to go to Oracle are not very good and the differences in data types can cause problems.

One other point to mention on the security front that I didn't see was auditing.  There are a lot more available auditing features to Oracle.
pdvsaProject financeAuthor Commented:
Ok i understand.   I do believe that some like to think that their data is SO important that it will be the end if the world if someone knows what their data says.   of course some data is very impt to lock down but in this case it is not.  There is more to this story.  The group i work in is small and ab access db is perfect.

But i still think that Accesa is as secure as your network.  You first have to pass the network i think.  Let me know what you think about that.      

These people believe that they need the security to keep people from getting in the db and "Issuing" letters of credit and bonds all over yhe world.   These people dont understand that the data inside the access db has already been approved many times over and they dont understand the data is not connected to a Bank.... Just internal like excel.  They think they need to APPROVE the issuance of any LC that is enteres in access which is duplication because they have already been approved.   This security is what they wanted in Access...to approve LC already been approved.  

DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
"But i still think that Accesa is as secure as your network.  You first have to pass the network i think.  Let me know what you think about that.      "

For anyone on a local workstation to use an Access DB on a network, that user must have full Read/Write/Modify/Delete permissions on the Folder on the server that contains the back end db. So, there is no 'security' in this context.  Only what you can provide via a db password or ULS (prior to A2007)

I see you got your old user name back :-)

mx
sdstuberCommented:
>>> But i still think that Accesa is as secure as your network.

well, sort of.  Since Access itself is not secure,  then yes, anybody that can get through your network effectively has privileges on your access db.


Conversely, if you use Oracle.  You need to be able to log in,  if you have network security too, that just adds another layer.


As for what your access db is used for.  if you run a business process from the data, then it has importance.
Maybe the data is already approved somewhere else, maybe the data can be restored from some other source too.
But, those other approvals and other sources aren't what you are using.  You are doing something for your business using that data
therefore you have imparted value to it.  Since it has value, it should be secured.

If you're simply storing your angry birds high scores then access is fine.

either way the importance of the data and whether it "should" be secured is sort of irrelevant to the question of whether it "can" be secured
pdvsaProject financeAuthor Commented:
< So, there is no 'security' in this context.

If someone hacked into the Access wouldnt that mean they first must hack into the Network?  

You are sating that wherever yhe BE is the hacker can have acces to that directory possibly?  I am thinking if they are adept enough to hack the network then they can hack into any directory they want and not need Access to help with that.
sdstuberCommented:
you're right the network does act as a wall, and Access does not, which basically proves the point.

your question wasn't "is my network secure compared to oracle"

your question was comparing access security to oracle security  - and access fails in that comparison
sdstuberCommented:
also,  "hacking" isn't necessary.

if your mdb is put on a shared network drive, then multiple people have access to it.  Do all of those people that can reach the file have authority to change it/delete it?  If not, then you have a hole in your security and no hacking was required.

I'm not suggesting your network can't be secured, but again, that's not what this question is about. And, the network is just one piece.  If someone DID hack your network and gained access to a server hosting oracle, they'd still need to be able to get through to oracle itself.  With access, once the network is hacked, the mdb file is fair game.
pdvsaProject financeAuthor Commented:
I see.  I understand it now.   I do agree that Access is not secure.  The alternative we have here is an awful old db that some people this is OK.   It takes an enormous amount of time to enter data in this db where in access it is done in seconds.  Just say for instance their db requires entry of the Amount more than 15 times in separate forms and it is an inefficient use of time.  It takes me 30 minutes to enter data where as Access is about 30 seconds.  I would be willing to sacrifice a little security to increase efficiency and especially if the data is not as cofidential as other data is.  If the data housed financials or somethign like that then I wouldnt want it in Access.  

Oh well this has been a 3 month battle at this place and it ended today.  I will be drinking a lot tonight.  I am going to leave early!  

thanks for the comments.  I am sure no one is opposed to splits.
sdstuberCommented:
glad we could help.


one last note...

>>>> It takes an enormous amount of time to enter data in this db

That's not the db,  it's the application.  Oracle is plenty fast. but if there is a poor interface, that's not Oracle's fault.
If your access app has a nice set of forms for data entry, that's not Access's credit either.

johnsoneSenior Oracle DBACommented:
As a strange side note...

Can  you create the forms to quickly enter the data in Access, but use the Oracle tables?  That might make everyone happy.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.