Securing a 2007/2010 Client Server Application
Posted on 2013-01-25
I have an Access application with a growing user population. The GUI sits on each user PC while the data resides on a server - with the customery table linking. The path to the database is stored in the global module so it can be called as needed when recordsets are used.
A Login form launches when a user starts the application and a valid user name/password combination is required for a successful login. All of the objects are hidden except for the Login form and user Access applications are set up not to show them.
Unfortunately, at this stage, we are relying on user ignorance to protect the application and the data. A curious, or malicious, user could change a few settings and see stuff we don't want them to see. I would like to accomplish the following:
1) Implement a password on the back end data. A user who tries to open that .accdb directly will need the password, but if they open it through the application, the password will be handed to the BE automatically.
2) Lock down the front end so that users can only see the things we want them to see.
If I had my druthers, I would be developing this in straight VB, but unfortunately the company in question wants it in Access.
Any suggestions or links to resources would be appreciated.