Page 1 of 3 123 LastLast
Results 1 to 15 of 39
  1. #1
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Backend Security (2003 (11.6566.8036) SP2)

    Hi there!

    I have just split a DB into front and Backend and will be implementing User level security shortly (Haven't done this before, but am in the process of reading through the various threads on this site.). In the interim, is there a way of protecting the Backend from being opened separately to the front end by users or unwanted people? Also, will User level security prevent this?

    The Backend of course resides on our network and I don't have any control over folder permissions etc. I know I can set a password on the front end, but this doesn't carry through to the Backend and if I set a password on the Backend then I get "Not a valid password ." displayed when trying to access tables etc.

    I suspect implementing User level security will be the requirement.

    Cheers,

    Niven

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    You shouldn't change folder permissions, even if you could. Access requires that all users have full permissions (read/write/create/delete) on the folder containing a database.

    Don't set a database password on the backend. User-level security is indeed the way to go.
    User-level security will prevent unauthorized users from opening the backend.

    You probably already found the following links, but I'll include them for others reading this thread - they provide very useful information about user-level security:
    <!profile=WendellB>WendellB<!/profile>'s tutorial with a list of links: The Secrets of Security
    Security paper by Jack MacDonald (PDF format)
    Access Security FAQ (Word document for download from Microsoft)

  3. #3
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Thought that would be the way to go!

    Thanks again for your invaluable help.

    Niven <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>

  4. #4
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    I think I'm getting there with regards to creating a secure DB.

    Having set up the front-end with passwords and permissions for Administrators and Users alike (I am finding the terminology of Admin and Admins confusing and almost ambiguous in their nature!), I have found with regard to the back-end, that I could still actually open it with no problem. To get round this I went through the same procedure as for the front-end, i.e. creating a new User with Admin privileges, removed Admin from Admins group and set passwords for both. This means that if someone tries to open the back-end now, they have to enter a password for either the Admin or New Administrator in order to get in.

    I have two questions surrounding this:-

    1) Does this sound right? (this is in a test phase at present, so haven't gone for the big bang yet!).

    2) Had I not have split the DB first, would applying the Security have been carried through to the back-end when splitting, thus reducing the effort, or would I still have had to perform the same actions as already stated?

    Cheers,

    Niven

  5. #5
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    1) Yes, you have to secure both the frontend and the backend for security to be effective.

    2) As far as I know (I tend to set up databases split from the start), the wizard should create a secured frontend and backend from an already secured database.

  6. #6
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Just when I thought it was safe to go back into the water.......................

    Front end works nicely by using the "/WRKGRP" switch from the desktop. If I try to open the front end by itself from a folder, then I get a permissions error. So far so good, looks like it

  7. #7
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Rename your System.mdw to (for example) Secure.mdw. You may want to move it to a shared network folder, or give each user a copy.
    Access will probably create a new unsecured System.mdw next time you start it, otherwise you can create a new one yourself.
    Create a shortcut to the frontend with a target like this:

    "C:Program FileMicrosoft OfficeOffice11MSAccess.exe" "C:AccessFrontend.mdb" /wrkgrp "H:SharedSecure.mdw"

    If your backend is now unsecured, you haven't applied security correctly. As described in the various articles on security I linked to, it is absolutely essential that you take away most or all permissions from the default Admin user, for if a user opens the database with an unsecured mdw, (s)he will log in as Admin.

  8. #8
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    I think I missed something when I ran the User-Level Security Wizard (i.e. I might not actually have run it!!!). Having re-run it on the back-end it is now behaving as I want it to. I.e. If I try and open it from a folder it now cries out with the permissions error and the only way to open it is from the desktop with the "/WRKGRP" switch, which in turn presents the Logon window. Is this the norm that when your front and back-end's are already split, that you end up with two Secured MDW files (i.e. "DHA_PO_INV_Secure_Users.mdw" & "DHA_PO_INV_Secure_Users_BE.mdw")?

    The other DB's are now unaffected by this and defaulting to the original System.Mdw file.

    Another query is can you present the Logon window inside a form or load up say a splash screen, before the Logon window comes up?

    Cheers again,

    Niven

  9. #9
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    The Security Wizard creates a new .mdw for you, but you can use the same .mdw for both. The workkgroup security file defines users, groups and group memberships. The database itself stores the permissions for each user and group.

  10. #10
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    I don't think you can intercept the login prompt from within Access - the database is opened after you log in.

    You could create a small application in (say) VB6 or VB.net that displays a custom login form, then starts Access with a command line as suggested for a shortcut, but with extra arguments /user and /pwd.

    For example:
    <code>
    Shell """C:Program FileMicrosoft OfficeOffice11MSAccess.exe"" ""C:AccessFrontend.mdb"" /wrkgrp ""H:SharedSecure.mdw"" /user TheBoss /pwd TopSecret", vbMaximizedFocus</code>

  11. #11
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Yes! The same .mdw works for both. Very useful and of course much better to keep track of.

    Many thanks for your time and patience here. It's probably not as daunting as it seems, but it is a lot clearer now as to what steps need to be taken in order to get this to work in a logical manner.

    Cheers, <img src=/S/bravo.gif border=0 alt=bravo width=16 height=30>

    Niven

  12. #12
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    I thought this might be the case. I'll certainly have a look at this sometime.

    Thanks again,

    Niven

  13. #13
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    The first time it is rather daunting, but when you've worked through the steps once or twice, it starts to fall into place.

  14. #14
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Hans,

    I'm not sure if I should have created a new post here, or replied to the following post:-

    <post#=518,355>post 518,355</post#>

    However, it does concern the next aspect of security and testing to see if a user has a null password, i.e. when that user's password has been cleared and they are logging back into the system, they do not need a password to log on. Is there a way of testing for this when they have logged on and to force them to enter a new password before they can access the DB?

    I have set up a general form to accept the Old, New and Confirmation of New passwords so as to allow them to change their passwords within the system (amongst the various built in checks is one to stop them from entering a Null password.), so I would like to force them into this form, if possible, at the startup stage.

    Is this feasible?

    Cheers,

    Niven

  15. #15
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security (2003 (11.6566.8036) SP2)

    Do you mean that you want to check what the current user's password is when he/she opens the database? Virus writers would *love* that. For security reasons, you cannot retrieve the password from within Access. Again, you could use a small application as mentioned in <post:=608,930>post 608,930</post:> to manage login and passwords.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •