Different Access protection

[George]

Hello

Is there a way to secure at 100% an Access database?
The password offered in the security options of Access is not secure enough.
There are many softwares on Internet that can get this password for less
then 20$.



What I thought to do is let the users get connected to an application that
will check the rights of connection. If the user has sufficient rights, then
lunch the database.



But even this solution is not secure enough, because anyone can create a new
database and imports into it all the database objects without having to go
through the connection application I'd have made. He will hit on an access
password that he'll crack 'easily' and all the development would be useless.



Thanks for any relevant suggestion!

 

[Arvin Meyer [MVP]]

There are 2 types of security that need to be thought of. The code which can
be made into an MDE and secured fairly well (although it can be cracked with
some real effort) and the data. If you need absolute security on the data,
you will need to use a server based data engine like SQL-Server. Any
file-server database is only as secure as the machine it's running on, and
the people using it. If you can't trust your users, you should allow them to
be using it at all.

 

[John W. Vinson]

Is there a way to secure at 100% an Access database?

There is no way to secure at 100% ANY computer application.

 

[pddxxx]

You cannot secure a database 100%.

For a comprehensive look at the issue of Access security, Garry
Robinson has written a great book entitled "Real World Microsoft
Access Database Protection and Security". More info is here:
http://vb123.com/map/

We have a product that provides copy protection for Access
applications. It uses hardware ID numbers on the end user's computer
to act as a sort of software dongle. It's called KeyedAccess and you
can download a demo from http://www.peterssoftware.com/ka.htm

There's also SageKey Application Security that does something similar:
http://www.sagekey.com/security_details.aspx

Hope this helps,

Peter De Baets
Peter's Software - Microsoft Access Tools for Developers
http://www.peterssoftware.com

 

[David W. Fenton]

Is there a way to secure at 100% an Access database?

The front end or the back end?

You use the term "Access," which suggests you're talking about a
front end, but people mis-use it all the time (partly promoted by
MS's use of the term for the ODBC and OLEDB drivers for Jet, for
instance) when what they actually mean is Jet.

To be honest, it's actually neither here nor there, as neither can
be 100% secured.

But your definition of "100%" will depend entirely on your
definition of "secured." For many scenarios, Access/Jet can be
adequately secured for the purposes it is being used. In others, the
Jet back end can be upsized to SQL Server or some other server
database that has robust security, and that is sufficient.

But ultimately, all security questions are actually "people
problems," not technical problems. You have to give your users
sufficient access to do their jobs, which means they have to be able
to see and edit the data. That's a security risk right there. But
it's necessary to trust employees, and as soon as you do so, you
open up your data to the risk of theft or corruption.

In my experience, "security" is a buzzword that people are concerned
about and don't really have a clue what it actually entails. They
are also almost always unwilling to recognize the degree to which
it's not a problem that can be solved through technology at all, no
matter which one you choose.

 

[David W. Fenton]

If you can't trust your users, you should allow them to
be using it at all.

This is true no matter what database engine you are using, and no
matter what piece of software. You have to trust users because if
you don't, you'll never let them either see or edit any data. That
would make them, er, rather unproductive.

This is a topic on which there's an awful lot of hysteria, and a
failure to recognize the degree to which it's a "people problem" and
not a technical one.

 

[John W. Vinson]

This is a topic on which there's an awful lot of hysteria, and a
failure to recognize the degree to which it's a "people problem" and
not a technical one.

Exactly. I once worked at a major pharmaceutical company, in the records
office. A research Vice President requested copies of several research
protocols - the request seemed a bit odd, but he had every right to them even
though they weren't directly in his area.

He left the next week to found a compting startup company.

 

[George]

Thanks a lot for all your answers!
The reason why I asked this question is that I created an access db because
it requires less ressource (1.time 2.money) than a server based data engine.
The people that I can't trust are the network employees who manage the
directory where the access db is stored. and they must access all the
directories of the network.
Thanks again and have a nice day

 

[Arvin Meyer [MVP]]

Exactly. I once worked at a major pharmaceutical company, in the records
office. A research Vice President requested copies of several research
protocols - the request seemed a bit odd, but he had every right to them
even
though they weren't directly in his area.

He left the next week to found a compting startup company.

Today, that is illegal, and it may have been when you worked there. Company
data is owned by the company and stealing it is a federal crime.

 

[Arvin Meyer [MVP]]

Thanks a lot for all your answers!
The reason why I asked this question is that I created an access db
because it requires less ressource (1.time 2.money) than a server based
data engine.
The people that I can't trust are the network employees who manage the
directory where the access db is stored. and they must access all the
directories of the network.
Thanks again and have a nice day

If that's the case, you are out of luck. There is no way to completely
secure any database from network administrative employees.