Lock down the backend database

J

Jonathan Brown

I've got a database with a front-end and a back-end. The front-end I've
locked down with user level security. In order to lock down the back-end
I've applied a simple database password that only those who use the back-end
know. Although, I've come to learn how insecure my back-end database
password is. I've been able to crack it with more than one utility. Is
there any way I can make it more solid without having to come up with some
extremely long and complicated password? My users who use the back end are
not too computer savy and would not appreciate and extremely complicated
password just to get into their database.
 
J

Joan Wild

Jonathan said:
I've got a database with a front-end and a back-end. The front-end
I've locked down with user level security. In order to lock down the
back-end I've applied a simple database password that only those who
use the back-end know. Although, I've come to learn how insecure my
back-end database password is. I've been able to crack it with more
than one utility. Is there any way I can make it more solid without
having to come up with some extremely long and complicated password?
My users who use the back end are not too computer savy and would not
appreciate and extremely complicated password just to get into their
database.

The frontend users should not need to know the password on the backend as it
will be stored in the linked tables.

However, you can secure the backend using the same workgroup file you used
to secure the frontend. You can use RWOP (run with owner permission)
queries for all data interaction, and then the users don't need any
permissions on the tables.

You can also hide the backend using \\server\share$ rather then
\\server\share. Unsavy users won't likely find it.
 
J

Jonathan Brown

Joan,

Naturally I am unconcerned about the unsavy users. Nor am I concerned that
the users who use the backend will tell anyone the password. Although, those
who use the frontend are the ones I'm worried about. I know that there are
individuals with some considerable computer sense and creativity. My
database keeps track of very sensitive information.

I have enabled RWOP queries in my frontend which thankfully do a good job.

Here's the real problem. The front-end and the back-end databases reside in
the same folder. My users have full rights to this folder so that they can
write to the database. All they have to do is run a simple password cracker
to get in. Is there some way I can, like encrypt the password with 3des or
something like that?
 
R

Rick Brandt

Joan,

Naturally I am unconcerned about the unsavy users. Nor am I concerned that
the users who use the backend will tell anyone the password. Although, those
who use the frontend are the ones I'm worried about. I know that there are
individuals with some considerable computer sense and creativity. My
database keeps track of very sensitive information.

I have enabled RWOP queries in my frontend which thankfully do a good job.

Here's the real problem. The front-end and the back-end databases reside in
the same folder. My users have full rights to this folder so that they can
write to the database. All they have to do is run a simple password cracker
to get in. Is there some way I can, like encrypt the password with 3des or
something like that?

If you have sensitive data and pc knowledgable users then your data
doesn't belong in an mdb file. Anyone that can use Google will be able to
get at the data if they have a desire to do so.
 
J

Joan Wild

Jonathan said:
Joan,

Naturally I am unconcerned about the unsavy users. Nor am I
concerned that the users who use the backend will tell anyone the
password. Although, those who use the frontend are the ones I'm
worried about. I know that there are individuals with some
considerable computer sense and creativity. My database keeps track
of very sensitive information.

Rick is correct that if you are dealing with information that is that
sensitive, you shouldn't be using Access. It's up to you to decide the
risk. A previous post said your users were not savvy, but now you speak of
those with considerable computer sense and creativity. I cannot assess the
risk for you.
Here's the real problem. The front-end and the back-end databases
reside in the same folder. My users have full rights to this folder
so that they can write to the database. All they have to do is run a
simple password cracker to get in. Is there some way I can, like
encrypt the password with 3des or something like that?

No there isn't. Your users should not need to open the backend database
directly at all, so I don't see why they even need to know the backend
password. Furthermore, the frontends should be put on each person's
computer. They should not all be sharing the same copy of the frontend, nor
should it be on the server. You run the risk of corruption.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top