We help IT Professionals succeed at work.

MS-ACCESS Application Security.

Tony
Tony used Ask the Experts™
on
MS-ACCESS Application Security.
Hi, I need a compilation of security measurements to put in a ms-access application.  Such as:
1. Users cannot see tables.
2. Users cannot see vba code.
3. Users cannot use Special keys : Keys such as Ctrl+Break, Ctrl+G, and the Shift key to bypass startup options in the database.
4. Users cannot see the Navigation panel at all.
5. Users cannot see any forms, queries, reports or any other object.
6. Any additional suggested.

Please advice.

Thank you.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jim Dettman (EE MVE)President / Owner
Most Valuable Expert 2017
Most Valuable Expert 2012

Commented:
Basically it boils down to:

1. Using Set options to hide the DBC (database window or Nav pane) and cut-off special keys such as F11.
2. Distribute as a .accde so the source code is not available.

 On this:

"5. Users cannot see any forms, queries, reports or any other object."

 Do you mean in design view?   #1 and #2 would cover that.

Jim.
Software & Systems Engineer
Commented:
As Jim mentioned .accde will cover all such needs...but it would be helpful to share some insight why there is such troubling about someone viewing...whatever
Lets take it from the start...
.Accde or else compiled Access application is an "ouput" of your application pretty much as from other Languages .exe...its regarded pretty difficult to "crack" ..as only very few people can reverse engineer them (you have to work on very low level and most the "good" documentation is from the '90s and dead and burried for good)  and you can protect even more...like : Code Protector v2
Even further...if you are truly concerned you can obfuscate the data so that some one pulls them it would meanigless without the "key" / strategy ...
I wouldn't worry much about forms/reports...but even them you can have them have a really dynamic nature ...like controls changing Controlsource/event behavior you name it....like even if someone manages to copy them it would appear like a blank set of textboxes....
Distinguished Expert 2017

Commented:
Be very careful when you are locking down the database.  Make sure you have several backups, preferably as zip files to avoid accidental modification.  Since all the lockdown steps will impede your ability to make changes, write yourself a procedure or in some cases, you can do this with code and only secure the database as the last step before distributing the new version.

I'm pretty sure if you search here and other places there are specific instructions on how to accomplish each step.  I don't have them handy but perhaps someone else can post a link.

One additional thing I do is to rename the .accde as .accdr and also add code to force the app to only run in "runtime" mode.