Printable Version of Topic

Posted by: hima193 Mar 10 2019, 12:50 AM

Hello guys
There is a problem in my access application and i hope you guys can help me

I use SQL server backend and everything is great and i dont have any problems but when i tried to distribute my workstations i tried to import the tables in the accde to a new accdb file and the shock was that the tables got imported
The more shocking thing was i extracted the connection string using tabledef.connecti am sure i am not the first programer to encounter this problem

Is there any fix for this issue cause the only thing i can do is using dao recordsets and delete the tables and this will require that i rebuild my forms so it uses dao instead of linked odbc tables

Please guys help me solving this security issue

Posted by: theDBguy Mar 10 2019, 01:39 AM

Hi,

Welcome to UtterAccess!


What kind of data are you trying to protect?

Posted by: hima193 Mar 10 2019, 01:58 AM

Thanks my friend

The table itself can be imported even if its in accde

Posted by: PhilS Mar 10 2019, 07:55 AM

Posted by: hima193 Mar 10 2019, 09:01 AM

Thanks for your reply

The problem is in the linked odbc tables

The access let you import the tables even from accde then you can easly extract the connection string

I tried a different approach today and removed the tables and used ado connection to connect to SQL server and get the recordset

Posted by: GroverParkGeorge Mar 10 2019, 12:08 PM

If a user can get to your data in the linked tables in an accde, how is it less secure for them to be able to get that that same data from a different accdb?

Posted by: AlbertKallal Mar 10 2019, 06:44 PM

Actually you can prevent this issue.

The trick is that you can use Access to cache the user id and password and NOT INCLUDE the uid/password in your connection string used for linking the tables.

So, on access start up, you can execute a one-time logon (based on that uid/password). Once you do this then all of your linked tables to SQL server will now work.

And since you don’t include UID/password in the linked table(s) connection, then you enhance security by a rather large margin.

The result of the above is:

If users were to (by intention or access) look at the linked table connection string they will not find a uid/password in that string.

If they launch another copy of access and import the linked tables, they will find they don’t work when you click on them – again because no uid/password is included in the links.

So the approach is:

Execute a one-time logon.

Now link all of your tables WITHOUT the uid/password as part of the string.
(note that you ONLY do this one time - the tables are now linked without uid/password).
(you do not have to re-link on startup anymore). You can distribute the accDE (compiled) with this setup.
(and no DSN or workstation setup is required).

So until such time you execute that one time logon, none of your linked tables will work.

In fact, if a user were to launch the accDE file and NOT let your start up code run, then clicking on any linked table will NOT work.

And as noted, if they import the linked tables to another application (copy of Access running), those linked tables will not work either. (Because they don’t include the uid/password in the link used to SQL server).

There is also the added bonuses that if you were using different logons (SQL) for each user, you can do so without having to re-link tables. You could just prompt for the uid + password, execute a logon to SQL server, and now your linked tables will all work (and again, you don’t re-link and again the linked tables don’t have the uid/password included in their connection strings.

Needless to say, this quite much eliminates your concerns and issues here.

So you first need some logon code.

I use this:

Posted by: hima193 Mar 12 2019, 09:52 AM

AlbertKallal

I cant thank you enough
Thats exactly what i was looking for
Thank you .. thank you .. thank you

Posted by: hishamzero1 Sep 1 2019, 01:28 AM

I have the same concern here..

Posted by: AlbertKallal Sep 1 2019, 02:10 PM

Hi,