UtterAccess.com
We have detected that you are using an unsupported web browser. We recommend you to upgrade your web browser to get the most from UtterAccess forums.
Why should and how can I upgrade?
X   Site Message
(Message will auto close in 2 seconds)

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Security in Access 2007    
 
   
stepup
post Jul 18 2006, 10:03 AM
Post #1

New Member
Posts: 8
From: NJ



I'm curious as to how many people, particularly developers, are aware of the new "security" model in Access 12? User level security (ULS) has been removed from the new version of Access. Replication has also been taken out.
any people know that security in Access has been broken for a long time, mostly because passwords in the database and workgroup file can be easily cracked. But I have always thought that the security model in Access was a really good one for a local, file based database. Seems to me it could be fixed, or at least considerably shored up, easily by Microsoft with stronger encryption. Why this was never done has always baffled me.
So what is Microsoft's "fix" for this situation? Just TAKE ULS OUT, and replace it with the "Trust Center" model. Now, you can no longer restrict access to objects in the database by user or group. Its pretty much an all or nothing scenario with this new model. The standard response to this concern in the Access 12 blog has been that, if security is a key concern, then SQL Server or Sharepoint should be used on the back end.
Osimply do not understand the thinking here. What secure system does NOT employ some kind of user identification?
Seems to me that the intent with the new version is to simplify Access for the end user, but in doing so they have removed a great deal of capability to do customization in an application. How many people are aware that you can not have menus in Access 12? You can still have toolbars, but they are placed with a ribbon tab. Maybe some people will love "Ribbons" (I really DO like them in Word and Excel), but to force them on an end user is kind of..well...crazy. Why not leave in the OPTION to have a standard Window interface? Why not have the OPTION to use the existing Access security model and just fix the "crackability" of the security model?
I would like to carry this further, perhaps make an appeal to Microsoft in some way. I have been in contact with Erik Rucker, Program Manager of the Access development team. The team has worked really hard on the new release, and many of the new features are really very nice. Erik has been very gracious in explaining the thinking behind the decisions on interface design and security. But to me, as a long time Access developer, I think some of their decisions will have a real adverse effect, particularly on developers.
You thoughts please.
Go to the top of the page
 
+
freakazeud
post Jul 18 2006, 10:23 AM
Post #2

UtterAccess VIP
Posts: 31,413
From: NC, USA



Hi,
welcome to UA forums sad.gif!
I'm not sure if you have seen these, but they are very interesting:
new security model explained
new navigation explained
more about the navigation!
Furthermore, you could try to relight this thread and hope Clint will respond sad.gif!
HTH
Good luck
Go to the top of the page
 
+
stepup
post Jul 18 2006, 06:08 PM
Post #3

New Member
Posts: 8
From: NJ



Thanks for the reply. I have been following the recent posts in the Access blog, but didn't catch some of the older ones on the security issues.
still don't quite understand how the customization of the nav pane works based on a Windows user. Anyone know how, or if, this works?
Go to the top of the page
 
+
freakazeud
post Aug 11 2006, 06:44 AM
Post #4

UtterAccess VIP
Posts: 31,413
From: NC, USA



Hi,
are you talking about the navigation pane itself or the ribbon?
HTH
Good luck
Go to the top of the page
 
+
alancossey
post Aug 24 2006, 03:24 PM
Post #5

UtterAccess Veteran
Posts: 457
From: Norfolk, UK



I am as concerned as you are. The Navigation Pane is no real restriction. If the user knows the database password to get into the database in the first place, he can start another database up and link tables to the first database so all the data is accessible to him. Gone is any control over what he can do when in there. No developer in their right mind allows general users unrestricted access to data, but that is what Access 2007 serves up.
econdly, with just a few lines of code in a second database, i.e.
Dim app as Access.Application
Set app=GetObject("C:\pathofthealreadyopendatabase\alreadyopendatabase.accdb")
a user is able to get to absolutely everything (tables (linked or otherwise), queries, forms, reports, the lot) in the first database even if its Shift key bypass has been disabled. To my mind that means Access no longer has security. Alarm bells should be ringing for Access developers. This holds for a front end connected by linked tables to other back ends, e.g. SQL Server.
It seems that the only way to have some control over what users can do is to make everything unbound in an ACCDE (Access 2007 equivalent of an MDE), but that entails lots more work (and makes linked subforms more difficult though not impossible, though it does seem to make subdatasheets impossible). With the amount of work involved, why should I use Access and not move to VB.Net? More importantly, when an end-user decides he wants a few other people to share using it, what do we say to him? "You shouldn't have done it in Access, mate. There is no security on it these days. Here, I'll redo it in VB.Net for £XXXX."? It seems to me that Microsoft has done Access a huge disservice on this because it has totally removed any scalability (unless there is something I don't know about with upsizing it to Sharepoint that removes the problems with linked tables I spoke of earlier).
Even more worrying than the silence of Microsoft here is the silence of Access developers!
Go to the top of the page
 
+
stepup
post Aug 25 2006, 01:32 PM
Post #6

New Member
Posts: 8
From: NJ



"Even more worrying than the silence of Microsoft here is the silence of Access developers! "
could not agree more. I can't believe that many developers are downloading the beta. I would think they would be in revolt if they saw how, in many ways, Access 2007 is being ripped to shreds.
Go to the top of the page
 
+
alancossey
post Aug 25 2006, 02:40 PM
Post #7

UtterAccess Veteran
Posts: 457
From: Norfolk, UK



Hiya,
datAdrenaline (Brent Spaulding) and I are having another discussion on a possible way forward on overcoming the loss of user-level security at http://www.utteraccess.com/forums/showflat...2310&fpart=. We may be getting somewhere... Do pop over and have a look.
Go to the top of the page
 
+

Thank you for your support! Reply to this topicStart new topic

Jump To Forum:
 



RSS Search  ·  Go to Top  ·  Lo-Fi Version Time is now: 31st October 2014 - 12:46 PM