How secure is a secured database?

Suzann

I've been reading the posts on several threads and one has got my curiosity
aroused. Can a person circumvent all security that has been set up on a
database simply by creating a new database and importing objects from the
secured database into it? I've successfully (finally) got the user level
security working the way I want it to after several readings of the Security
FAQ and a big bottle of tylenol, so I was curious just how safe the data
would be. The users do not have access to any of the tables or queries and
can only run the queries with the owner's permission.

Which leads me to another question. Since I work with financial statements
that shouldn't be viewed by everyone I had already planned on not putting any
sensitive financial data into the front-end of the database. If I link
certain tables in this less-sensitive database to a database that is just for
upper management (which has the appropriate security on it), can a user of
the low-level database trace any outside links? The high-level database will
be on another server.

Once again, thanks for any and all help. It's been a while since I've
actively used Access and I've decided I either need a bigger bottle of
Tylenol or I should stick to accounting - lol.

All kidding aside, I've enjoyed getting re-acquainted with Access - and code.

Suzann
 
Douglas J. Steele

If you've applied security properly, they will not be able to import objects
from the secured database.

That having been said, yes, there are holes in Access security. No product
where the users have physical access to the actual file(s) where the data is
saved can be completely secure.

If your data is that sensitive, perhaps you should be putting it into a
server-based DBMS such as SQL Server or Oracle. You can still use Access as
a front-end to it.
 
Suzann

Thanks for the reply. I've followed all the guidelines and suggestions that
I've found regarding user-level security so I hope I have security set
properly. I'm the owner of the database and all its objects. Only I and 2
other people have admin privileges. The admin account is now a member of the
users group and that group does not have any privileges granted to it. The
intended users of this database are members of a new group I set up and they
have no access to tables or queries and can only run queries with owner's
permission. I've used CurrentUser() to limit them to access to their own
records.

That having been said, I'm going to split the database and put it in a
folder that is made specifically for them. Since this is on a network drive,
they first have to have permission granted by IT to use that drive and
folder. I plan on linking the back end to a database that is used primarily
by accounting and the network security is pretty stringent on rights to
access. The data isn't going to be that sensitive, just costs related to
projects and so on. However, since it includes rates for jobs that the
consultants are working on - I don't want them to be able to view one
another's data easily.

I was just curious after reading the posts on copying objects into another
database when a person wasn't able to see the tables behind the forms. I've
only designed databases in the past for use within our department - and
basically the end-user just clicked a button to get the info they needed.
This is the first time I've tried to design something from scratch that
actually required input from users that will be used to make accruals at
month end. I just wanted to make sure I wasn't overlooking an easily
avoidable loophole. Again, thanks for your help.
 
Suzann

By the way, Doug, your website helped me quite a bit in understanding silly
mistakes I was making. Thank you for providing so much detail. I also used
other MVP sites and they all helped to clear the way to understanding.

Suzann
 
TC

Suzann said:
I've been reading the posts on several threads and one has got my curiosity
aroused. Can a person circumvent all security that has been set up on a
database simply by creating a new database and importing objects from the
secured database into it?

No. This means that the security was not set up correctly. No if's,
but's or maybe's.

I've successfully (finally) got the user level
security working the way I want it to after several readings of the Security
FAQ and a big bottle of tylenol, so I was curious just how safe the data
would be.

Unfortunately there are products on the web that will reverse engineer
the plaintext passwords from a workgroup file. So that's like everyone
writing their password on a sheet of paper that is stuck on the monitor
screen. This problem is due to a simple mistake in how MS encrypts the
passwords in the workgroup file. Unfortunately, it ain't gonna change
now - believe me!

There is a way that you can fiddle the security, such that the
available workgroup file does not contain a workable Admins group. So
then, even though anyone can get the passwords from that workgroup file
(using a product as described above), they can *not* get Administrative
privileges to that database (from that workgroup file). I think (but am
not sure) that this technique is described in the Access Security FAQ, a
document often referenced in discussions of security.


The users do not have access to any of the tables or queries and
can only run the queries with the owner's permission.

That's good. It stops people fiddling with the BE file manually. But
they can still use a cracking product to find all the usernames and
passwords in the workgroup file, then write code to try those users,
successively, until they find the one(s) that let them access the data.

Which leads me to another question. Since I work with financial statements
that shouldn't be viewed by everyone I had already planned on not putting any
sensitive financial data into the front-end of the database.

Good! See above.

If I link
certain tables in this less-sensitive database to a database that is just for
upper management (which has the appropriate security on it), can a user of
the low-level database trace any outside links? The high-level database will
be on another server.

The information from a table link can generally be seen in a normal text
editor. For example, if you link to a simple-password protected back-end
database, it is easy to find that password, in the FE file, using only
a text editor.

Once again, thanks for any and all help. It's been a while since I've
actively used Access and I've decided I either need a bigger bottle of
Tylenol or I should stick to accounting - lol.

Buy it in bulk, that's what I say!

HTH,
TC (MVP Access)
http://tc2.atspace.com
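A pre-distribution check for the table-link exposure described in the reply above, as an added example that is not part of the original thread. It assumes link text of the form `MS Access;PWD=...;DATABASE=...` stored either single-byte or as UTF-16LE; the sample bytes, server names and function names are constructed for illustration.

```python
import re
import sys

KEYS = ("PWD", "DATABASE")  # connect-string keys of interest in a table link

def _regex(key, wide):
    """Byte regex for KEY=value, with the text stored single-byte or UTF-16LE."""
    pad = b"\x00" if wide else b""
    name = b"".join(bytes([c]) + pad for c in (key + "=").encode("ascii"))
    # Printable characters except ';', which ends one connect-string field.
    value = rb"((?:[\x20-\x3a\x3c-\x7e]" + re.escape(pad) + rb")+)"
    return re.compile(re.escape(name) + value, re.IGNORECASE)

def audit_front_end(data):
    """Return (key, encoding, offset, shown_value) for each exposed link field."""
    findings = []
    for key in KEYS:
        for wide in (False, True):
            enc = "utf-16-le" if wide else "ascii"
            for m in _regex(key, wide).finditer(data):
                value = m.group(1).decode(enc)
                # Never echo a credential into a report: show its length only.
                shown = f"<redacted, {len(value)} chars>" if key == "PWD" else value
                findings.append((key, enc, m.start(), shown))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample: one single-byte link carrying a database password and
# one UTF-16LE link carrying only a back-end path (not from a real file).
SAMPLE = (
    b"\x00\x01junk\xff\xfe"
    + b"MS Access;PWD=Example123;DATABASE=\\\\fileserver\\mgmt\\finance_be.mdb"
    + b"\x00\x00\x07"
    + ";DATABASE=\\\\fileserver\\acct\\costs_be.mdb".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    # Pass the path of a copy of the front-end file, or run on the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, enc, off, shown in audit_front_end(blob):
        print(f"{key:8} {enc:9} offset {off:#x}: {shown}")
```

Any `PWD` finding means the back-end's database password ships inside every copy of the front-end, and every `DATABASE` finding shows the server path a front-end user can read.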
 
Suzann

TC, big thanks to you too. Your website was another one that helped me quite
a bit. Your diving pictures look great, by the way - lol.

I'm pretty confident that I've covered the guidelines in the Security setup
and that the database is as secure as I can make it without writing a lot of
code. I'm working on the code for disabling the shift bypass key right now.
Again, it's from one of the MVPs' websites and due credit will be noted. The
users will only have access to certain custom toolbars.

While the main database will have the sensitive cost issues - i.e. their
rates, expenses we pay, etc. - if it's cracked it won't be a catastrophe.
Some of the consultants might want to adjust their rates, however - and
that's what I want to avoid. I thought about putting it on our SQL server,
but then I would lose control of handily accessing it. The IT people don't
like too many hands in the fire (and rightfully so) when it comes to the
major servers. The good thing about living on the Texas coast is that we
have wonderful disaster recovery technology in place for times when we're hit
with hurricanes. So that's one headache I don't have to worry about daily.

Oh - one other thing .. I got the industrial size Tylenol after I crashed my
database twice while first attempting user-level security - it tastes great
with margaritas! Thank goodness I followed the first rule, make a copy
before you attempt security. Again, thanks to all of y'all for your
continued help and support.

Suzann
 
