After migrating .mdb to v.2007 & rename mdw file, v.2007 lets me i

P

Pierre Doré

I am responsible for migrating a dozen MS ACCESS 2002 applications to MS
ACCESS 2007. After successfully migrating them all, I stubbled by accident
on a security glitch. All these apps uses User Level Security (ULS), and for
each database a seperate .mdw file is used as well. We use the FE & BE
approach as well, were the BE & .mdw file are located on a network server. A
shortcut file is used for all of them as well, defining the location of
database as well the mdw file to use against it. Here's the problem. If I
try accessing the database directly, on a development server, I get in on 4
of them, no questions asked. Using the "SysCmd(acSysCmdGetWorkgroupFile)"
within the VB Editor, I find it surprising that it now uses the default
system.mdw file. But the same database in version 2002(Prodution), it will
not let me in. Furthermore, if I rename the system.mdw file and try to
access the database directly, it recreates the default mdw file. I have to
use the "RunCommand acCmdWorkgroupAdminstrator" in the VB Editor in order to
join to the appropriate mdw file. My concern is that someone can simply
rename the mdw file located on the network, and then they have full access to
the database. Our only option is to change the attribute of the mdw file to
hidden. Is this a bug or is their a patch out there that I can use to fix
this problem? We have downloaded the SP1 patch as well.
 
D

Douglas J. Steele

If using a different MDW file lets you into the database, then security
wasn't applied correctly in the first place.

I can't offer any explanation why you don't have the same issue using Access
2002.
 
C

Chris O'C via AccessMonster.com

When you migrated from 2002 to 2007, did you sign in as a member of the
admins group and convert the 2002 mdb to a 2007 accdb? If you did that,
*you* removed user level security. Accdb files use the the ACE db engine,
which doesn't recognize Jet 4 security. Keep the db in an mdb format and Jet
4 security remains when opening it in 2007 - if it was secure when in 2002
format.

Chris
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top