Detailed description of access security QA

Author: access911 updated by: Finishing Source: access911 updated by: 2004.08.16 contribution mailbox: tg * ddvip.com

Before writing this article, I would like to thank the netizens: pine, zengwb, autumn, and 4432. Thank you for your discussion on access security. The following is an excerpt:

Q mdb all the options I use to [start] are false and start with cover form. users in the same working group cannot open tables and modify tables without authorization, but they can create an empty database, how can I prevent the import or link modification? Please kindly advise!

A should first use the MS Access workgroup administrator program to create its own MDW file, such as Newsystem. MDW, and then create a new account such as newadmin, which defaults to amdin And, such as the Guest account, and then set the password of each account. Log on to the newadmin account, create a database, or import tables or forms from an existing database for development. Set database security. In addition to the newadmin account, all groups and users have the permission to open the database, and other permissions should also be blocked. This is safe. In this way, the database can be opened only by associating the newly created MDW file with the newadmin account. However, in actual applications, you should also create an account that runs the software, such as newuser. (It is best not to use the default "user" account to associate it with system. MDW can be accessed, even if you set the password is not safe, because copy a new system. MDW can be associated .) Set the permissions of the newuser account on each table to be read/written. You cannot modify the design. You can only run the form. In short, it is used to run the form. Block all modifiable permissions. In this case, the development and operation are two accounts, but the new problem is that if you give it to the user in this way, the user must know the password of the newuser account, so that the data is insecure, therefore, you should also use VB or Delphi to create a set of sub-statements. The simplest one is to run the database. For example, strrunshell = "C: /program files/Microsoft Office/office/msaccess. EXE/nostartup"

Strrunshell = strrunshell & "/wrkgrp C:/Newsystem. mdw c:/Pinewood. MDE/user newuser/pwd yourpassword"
Retval = shell (strrunshell, vbmaximizedfocus)
Of course, this is just a meaning. You can write anything in this set, for example, check whether access is installed, whether the path is correct, and whether it is registered. (Note: using another database that has been compiled into an MDE file can also achieve the above results)

Q. I have also used user security groups, but the security I mean is mainly for internal personnel. outside experts like Lin, don't talk about security at all.
Access has a fatal problem (maybe I still won't use it). Its security performance can only be used in databases with security mechanisms currently set up, and it is useless for new databases, the user only needs to use his account to log on to access and create a new *. mdb, and then use the link function to link all the tables in the backend database (or the front-end database is also available, because the tables in the front-end database are the tables linked to the back-end database, he is nothing more than a link.) as long as he understands the table content, he can modify it at will.
In fact, Microsoft has slightly changed access so that its security mechanism applies to all databases instead of the current database, so we don't have to worry about preventing some beginners, the security mechanism we use is nothing more than preventing illegal modification and destruction of these internal users.
Therefore, we need access system-level security mechanisms or office Developer Edition to help.

A is wrong and wrong. "The user only needs to use his account to log on to access and create a new *. mdb, and then use the link function to link all the tables in the backend database (or the front-end database is also available, because the tables in the front-end database are the tables linked to the back-end database, he is nothing more than a link.) as long as he understands the table content, he can modify it at will."
This paragraph is wrong! If the access security is really what xiandi says, then what I post may be empty talk. You may not have followed the practices I mentioned. In fact, this is not the case because I am a newly created system file (that is, an MDW file) and associated with a new system file to create a database, the permission to open the database can only be available to a fixed user specified by me, such as newuser. Therefore, no matter what system files are associated with, the new database cannot be connected, if that is the case, access should have been eliminated!
If you don't believe me, you can make a database and send it to you to see if you can open it. I started to use access for Development in 1997. I have to perform repeated tests on all kinds of databases I have completed. If you can, I have already accumulated dozens of other people to develop databases that I want to crack ....

Q I still don't understand:
The user mentioned in this Article refers to the internal operator, and I have also done many tests:
For example, when I create a database with a security mechanism and the system creates an MDW file, I set up a new read-only working group and a common user (without administrator privilege ), leave the user group of the system with no permissions, exit access, select a new MDW file, log on to the common user, and create a new file, then you can import and link the database with the existing security mechanism.

A. You may not read my post carefully. In fact, the access help is described in more detail. But in order to make it clear to you, let me list a silly step. The younger brother doesn't mind. I also become smarter just by reading silly help.
1. Use the wrkgadm. exe program in the access installation directory to create an MDW file. Then join.
2. After logging in to access, the default user is admin. You can create an MDB, modify the admin user password, and create a new account, such as pinewood, which will be used for future management, create a newuser for future users. (No group can be created)
3. Log On again, log on to Pinewood, and change the password. The newuser account is also repeated once.
4. log on to Pinewood and create the source MDB file of the database you need to develop. You can set the security after saving mycode. You should know where the security settings are. All admin and guest permissions on mycode are blocked. Note that all permissions, whether for a new table, a new module, or a database, are removed. All permissions of all groups to the database are also blocked. It cannot be omitted. If the user group does not block its permissions, the admin and Guest users in this group can access the database.
5. Then, set the database permissions for Pinewood. Of course, all permissions are required. Set the newuser permission. Of course, except for modifying the design permission for all tables and queries, the read and write permissions should be available. The permission to open the database should also be available, and the operation permission should also be available. In short, this account is for users.
6. Then develop and create a table form. If you have already done so, import it in. However, your database is secure at this time, and others cannot get anything from mycode. Unless you know the password.
7. After the development, the database should be separated, not only until you do so, but also make the mdb database in the background as secure. Then compile the foreground program as the MDE file.
8. Create an EXE file, as I mentioned in other posts, simply use the newuser account to open the database's exe file. It is for your users, so they can use the database in addition to this EXE, there is no other way.
9. Then, place the MDB to the server, and publish MDE, MDW, and EXE to the user. Of course, the relationship between MDE and MDB is established and debugged in advance. In programming, it is not necessary to deal with it.
10. This is enough. For developers who require security, there is still some work to be done. See my other posts. Note. All these problems will be used naturally, and those that are not used will still be useless. Which of the following problems can be solved?

Q my day ?!! Do I need to copy three files at the same time, MDB & MDW & EXE ??? ...
Not to mention that the vb exe can be easily decompiled, will someone else Delete the MDW file first and then open the MDB file?
If the access security is limited to this, it is really "completely secure.
Also, do I need more "secure" methods? The method described in the previous two times can be solved only by people who have a little knowledge about computers.

A for file sharing, the server only needs to install the mdb database, and the client needs to install the EXE, MDW, and MDE files.
Note:
1. It is an MDE file, not an MDB file. The database should be placed on the backend, while the MDE file is compiled and efficient, and the source code will not be leaked even if the password is cracked.
2. If you have deleted the MDW file, you will not be able to access the database at all. If you do not need my MDW file to access my MDB file, what security should I talk about.
3. the EXE file may not use VB, Vc, BC, or Delphi. Besides, I have not heard of decompilation for vb5 or later versions, nor have I found any corresponding tool.
4. Currently, there are many tools for cracking user-level security passwords in the Access database, but the MDW files can be processed by users so that even if the MDW files are cracked, the permission to use the MDE source code file MDB cannot be obtained, not to mention that the MDE source code file MDB cannot be obtained because it is not released at all. Nowhere, unless your computer is easy to use. Therefore, the program is certainly safe. Although the database data security is relatively safe, it is also sufficient.