UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Example Of The Widest Possible Protection, Access 2016    
 
   
mylton
post May 22 2019, 06:04 AM
Post#1



Posts: 16
Joined: 13-June 16



Good Morning.

First of all, I apologize to everyone for my English.

it's not very good.

I am starting a project in access and after reading a lot I understand that it has some limitations in its protection.

from the shift key and others.

as I am a beginner in the art of programming I would like the help of the most experienced, in the sense if someone could provide an example of a file that was protected as broadly as possible.

in order to study and start my project.

Thanks and hugs to everyone.

Go to the top of the page
 
DanielPineault
post May 22 2019, 06:50 AM
Post#2


UtterAccess VIP
Posts: 6,662
Joined: 30-June 11



You have the cart in front of the horse, as they say. If you want a starting point then review https://www.devhut.net/2016/09/01/securing-...base-front-end/ that said, I wouldn't be too concerned about security at this stage and concentrating on proper data normalization, table/relationship structures, ... securying and deploying comes later on. Personally, I'd start off with https://www.devhut.net/2017/04/09/setting-u...ccess-database/ and https://www.devhut.net/2017/04/20/access-be...shooting-steps/

--------------------
Daniel Pineault (2010-2018 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
mylton
post May 22 2019, 06:55 AM
Post#3



Posts: 16
Joined: 13-June 16



thank you
Daniel.
I will read.
tomorrow, return
hugs.
Go to the top of the page
 
GroverParkGeorge
post May 22 2019, 07:17 AM
Post#4


UA Admin
Posts: 35,146
Joined: 20-June 02
From: Newcastle, WA


We have some excellent resources for newcomers. Much of what Daniel recommends is covered there.

--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
mylton
post May 22 2019, 09:00 AM
Post#5



Posts: 16
Joined: 13-June 16



thank you Grover.
I'm going to study.
hugs.
Go to the top of the page
 
GroverParkGeorge
post May 22 2019, 09:25 AM
Post#6


UA Admin
Posts: 35,146
Joined: 20-June 02
From: Newcastle, WA


Just a point regarding protocols for the internet.

When my daughter texts me, she sometimes includes "hugs". Or I might text "hugs" to a brother or sister. However, I am not used to being sent "hugs" from people I've never met....

It's a concept that is probably lost a bit in translation....

George

--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
mylton
post May 22 2019, 10:05 AM
Post#7



Posts: 16
Joined: 13-June 16



I understand.
here in Brazil we have the habit at the end, in thanksgiving, give "hugs".
as I said at the beginning my English is not very good.
Anyway, I apologize if there was any discomfort or anything like that.
I thank the help of all you.
Thank you.
Go to the top of the page
 
GroverParkGeorge
post May 22 2019, 10:10 AM
Post#8


UA Admin
Posts: 35,146
Joined: 20-June 02
From: Newcastle, WA


Not discomfort, but I thought you'd like to know.

I do say "abrazos" to my Venezuelan in-laws....

--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
gemmathehusky
post May 22 2019, 04:42 PM
Post#9


UtterAccess VIP
Posts: 4,684
Joined: 5-June 07
From: UK


… but I think he speaks Portuguese, not Spanish, in Brazil

obrigado is the only Portuguese word I know.


--------------------
Dave (Male)

(Gemma was my dog)
Go to the top of the page
 
isladogs
post May 22 2019, 05:12 PM
Post#10


UtterAccess VIP
Posts: 1,417
Joined: 4-June 18
From: Somerset, UK


I agree completely with the previous comments about getting the basics of your database sorted out first.
However when you are ready to implement security measures, have a look at this extended article and example database on my website Improve Security in Access databases

--------------------
Go to the top of the page
 
mylton
post May 22 2019, 06:54 PM
Post#11



Posts: 16
Joined: 13-June 16



Good evening everyone.
Boys.
girls.
regardless of language, those that are part of this group, are ACCESS.
As said my English is not good!
but regardless of my country having an "A" or "B" language, I try to evolve in programming. But here, Brazil, there is little knowledge about you.
so if you can forgive different mistakes and customs among our countries, I am grateful.
once again....
my English is not good.
Thank you.
Go to the top of the page
 
GroverParkGeorge
post May 23 2019, 08:18 AM
Post#12


UA Admin
Posts: 35,146
Joined: 20-June 02
From: Newcastle, WA


Yup, that's true. However, from my limited exposure, there are similarities culturally. "Abrazos", which is Spanish for "hugs", is a very common attitude as well as gesture in both countries. I've not visited Brazil, only Venezuela, but that has brought me into contact with people from all over the South American continent.


--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
GroverParkGeorge
post May 23 2019, 08:21 AM
Post#13


UA Admin
Posts: 35,146
Joined: 20-June 02
From: Newcastle, WA


Please do not apologize. It was only intended to be a minor insight into one difference and I did not intend it to be negative in any way.

My nephew lived and worked in Ponta Grossa for three or four years, but I never had the chance to visit them. Jorge is originally from Venezuela, but works for a large US corporation. So, that's the extent of MY knowledge of Brazil.

--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
mylton
post May 23 2019, 03:54 PM
Post#14



Posts: 16
Joined: 13-June 16




No problems.



about access ...
so read here....



When it comes to security, especially Database, Access gets harsh criticism and with good reason! This has even improved greatly in the versions of Access 2007 and 2010 with the use of encrypted password to open the application.

But what good is it to close the front door if we leave the back door open? That's what Microsoft has been doing: leave the back door wide open for anyone who understands a little Access, enter and get hold of the Database password, without ceremony!

The most used process of accessing the Database is through the mechanism of linking the tables. When we generate the links, the internal Access system kindly stores the database password in a system table, called MsysObjects, allowing easy access through the Navigation Panel and even external applications.

Private Sub Report_Open (Cancel As Integer)
Me.RecordSource = "Select * From tblClients in '' [; Database =" & CurrentProject.Path &
"\ Data.accdb; PWD = password]"; "
End Sub

Note that the password needs to be entered in the code. So I read it a lot to capture this password when the report is being displayed, even though the code is protected by the ACCDE extension.


From what I read I noticed that some programmers were able to assemble a code capable of managing the password of the links, without it being exposed in the MsysObjects table.
through an insertion of an Object (ListBox for example). Where it is hidden and is connected to the recordset of a table.

While the connection to the listBox is active, any linked table can be accessed, even if the incorrect password in the links is indicated.

With the connection to the established backend, bind the tables with a false password so that the true password is not displayed in the MsysObjects system table.

I have read all this here on the site, I have not found any examples of how to do this.
Would Algume have a tip or an example that might help?

Thank you
Go to the top of the page
 
isladogs
post May 23 2019, 04:37 PM
Post#15


UtterAccess VIP
Posts: 1,417
Joined: 4-June 18
From: Somerset, UK


Have you looked at the link I gave in post #10? It includes detailed instructions and an example app you can use for testing.
You could also read my article Encrypted no strings split database.
This also includes an example app.

These two items cover almost all the issues involved and provide the answers I believe you are looking for.

--------------------
Go to the top of the page
 
mylton
post May 24 2019, 10:01 AM
Post#16



Posts: 16
Joined: 13-June 16



Good Morning.
I read yes.
I thought it was very good.
I'm trying to adapt.
however, as you yourself said, it uses as a basis the non-binding of tables, which in itself already after a significant increase in coding work.
As for the method of creating a fake password, as I mentioned in message number 10.
would it have any way? idea?
In relation to your topic where it says:
"that you can create deep hidden, that does not approach by security questions, what would be the way to learn?
Go to the top of the page
 
isladogs
post May 24 2019, 11:54 AM
Post#17


UtterAccess VIP
Posts: 1,417
Joined: 4-June 18
From: Somerset, UK


Encrypting an entire database would be a lot of work. I've never done that myself.
However there are many other security measures in the first link I gave that I would definitely recommend doing. See the link originally given in post #10 Improve Security in Access databases

'm not sure what you mean regarding fake passwords.
If you hide navigation pane, ribbon etc, create an encrypted ACCDE FE and encrypted ACCDB BE together with other security, end users should not be able to view connection strings or see the BE password.
As previously mentioned, if you are that concerned with security, then use SQL Server for your BE.

As 'deep hidden' tables can be used as a further security measure, I never explain how to do this in forums as doing so would make that security almost worthless.
If you are that interested, you can do as I did. Research and experiment to work out how to apply the deep hidden property … and how to undo it again!
If you succeed, please do not publish your solution in forums either.

--------------------
Go to the top of the page
 
mylton
post May 24 2019, 12:02 PM
Post#18



Posts: 16
Joined: 13-June 16



It's ok.
I'll try
Thank you.
Go to the top of the page
 
mylton
post May 25 2019, 09:32 AM
Post#19



Posts: 16
Joined: 13-June 16



Good Morning.
Isladogs.
following their precious tips, which tables
should be encrypted to prevent access to the password we see in the MSysobjetcs table?
would you use encryption on the whole table or just in the specific field?
or would it in VBA?
Thank you.
Go to the top of the page
 
isladogs
post May 25 2019, 09:46 AM
Post#20


UtterAccess VIP
Posts: 1,417
Joined: 4-June 18
From: Somerset, UK


Any linked table from a password protected BE will have that password in its connection string. You can see that if you hover over the linked table in the navigation pane.
As you pointed out the password is also visible For those linked tables in the MSysObjects system table.

There is no point encrypting those linked tables to obscure the password as its not stored in the table itself.
You cannot encrypt system tables.

If you want to prevent users seeing the BE password(s) follow the steps in my article including hiding the navigation pane and hiding Access options so it can't be restored.
You can also try the no strings approach so there are no permanently linked tables …. If you think its worth the effort.
If security is that important, use SQL Server or similar for your backend
BUT do remember whilst you can improve Access security and prevent the average user tampering with your data, a highly skilled hacker with sufficient time and determination can crack any Access database

--------------------
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    19th June 2019 - 10:10 PM