A user gets Database window in a "startup-restricted" .mde file.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I had developed a Access front-end application with linked tables to a
Solaris-resident oracle database. I had converted the mdb to mde and using
the startup options restricted the user only to the main form at startup and
some other pop up forms (all boxes unticked in the start-up settings). But
to my dismay I found that when that .mde was run in an Access XP (2002), the
user got not only the main form window but also the data-base window. That
is a security breach as the user could access the linked tables. We noticed
that this problem happened only if an ICON (.ico) was assciated with the
..mde file while doing the start-up settings and the specified .ico file was
found at the specified path on the target machine) and also it did not happen
with Access 2003 or if the .ico file was deleted on the target machine (even
with Access 2002). There was no way for the developer using Access 2000 to
know such a severe security breach could occur on releasing his .mde).
 
Habib said:
I had developed a Access front-end application with linked tables to a
Solaris-resident oracle database. I had converted the mdb to mde and
using the startup options restricted the user only to the main form
at startup and some other pop up forms (all boxes unticked in the
start-up settings). But to my dismay I found that when that .mde was
run in an Access XP (2002), the user got not only the main form
window but also the data-base window. That is a security breach as
the user could access the linked tables. We noticed that this
problem happened only if an ICON (.ico) was assciated with the .mde
file while doing the start-up settings and the specified .ico file
was found at the specified path on the target machine) and also it
did not happen with Access 2003 or if the .ico file was deleted on
the target machine (even with Access 2002). There was no way for the
developer using Access 2000 to know such a severe security breach
could occur on releasing his .mde).
Click to expand...

MDEs are not considered a security mechanism. The fact that code is
protected is a by-product of their use, but that is not their primary
purpose. If you want security then implement security.
 
Those startup settings are only applied as part of the startup
process, and are not applied if the startup process does not
run.

There are several ways to avoid running part or all of the
startup process: for example loading from the recent menu
gives you a slightly different startup process than double
clicking on an mdb.

I wonder if there is something wrong with your icon, or with
your installation, that is causing the startup process to
abort when you load the icon?

(david)
 
I'd try opening the MDE from another database, & running the following
code to see if the startup props are still what you think:

(untested)

dim db as database, p as property
set db = dbengine.opendatabase ("full path to your MDE")
for each p in db.properties
debug.print p.name; tab(30);
on error resume next
debug.print p.value;
if err.number <> 0 then debug.print err.description;
on error goto 0
debug.print
next
set db=nothing

HTH,
TC
 
Thank you TC. I did what you suggested and the following is the last few
lines from the VB immediate window (concerning start-up options) copied (for
pasting here) when the break-point placed at the end of your code was reached.
The start-up options are quite as expected except I do not see any thing
about the ICON file path name in the debug print output.:
MDE T
AppTitle äÜÜãÜÜæÃÃŒ ãÜÜÊÜÜÇÈÜÜÚÜÜÉ
StartUpForm Form.Login
StartUpShowDBWindow False
StartUpShowStatusBar False
StartUpMenuBar BlankMenu
AllowShortcutMenus False
AllowFullMenus False
AllowBuiltInToolbars False
AllowToolbarChanges False
AllowSpecialKeys False
HijriCalendar False

And for Rick Brandt the debate was not about mdb vs. mde but about obeying
the start-up options. My mention of making the .mde was to emphasize how
concerned I was about user playing around.
Habib.
 
Habib said:
Thank you TC. I did what you suggested and the following is the last
few lines from the VB immediate window (concerning start-up options)
copied (for pasting here) when the break-point placed at the end of
your code was reached. The start-up options are quite as expected
except I do not see any thing about the ICON file path name in the
debug print output.:
MDE T
AppTitle äÜÜãÜÜæÐÌ ãÜÜÊÜÜÇÈÜÜÚÜÜÉ
StartUpForm Form.Login
StartUpShowDBWindow False
StartUpShowStatusBar False
StartUpMenuBar BlankMenu
AllowShortcutMenus False
AllowFullMenus False
AllowBuiltInToolbars False
AllowToolbarChanges False
AllowSpecialKeys False
HijriCalendar False

And for Rick Brandt the debate was not about mdb vs. mde but about
obeying the start-up options. My mention of making the .mde was to
emphasize how concerned I was about user playing around.
Habib.
Click to expand...

Understood, but all of those options above can be changed right back to their
defaults by any user who knows how unless you implement User-level-security at
the same time.
 
Sure, but the point was to confirm that the MDE did have the options
that he thought it did.

TC
 
Not sure what else I can suggest :-(

My main application uses MDEs (in A97, 2000 & 2002 format) with an .ICO
file defined. However, the path to the .ICO file is incorrect, so the
icon is actually not displayed. But the startup options still work
fine. I've not seen any case where they did not behave the way I
expected - in an MDE, or MDB - with or without an ICO file - with the
ICO file on file, or not on file.

Cheers,
TC
 
The start-up options are quite as expected except I do not see any
about the ICON file path name in the debug print output.:
Click to expand...

Is this the method by which the icon file was associated?

Note that you can also associate an icon file by several other
methods: in the shortcut (associated with the shortcut), in
the registry (associated with the profile), or as a splash screen,
simply by renaming the icon to match the mdb file name.

Similarly for the database window: using the /runtime option
in a startup shortcut will hide the database window.

(david)
 
Oops - I actually did not see that sentence before! So much for careful
reading.

I assumed that he was assigning the icon via Tools:Startup Options (or
whatever it is). I know the aqpplication icon path is exposed through a
property, because I wrote some code so the database could reassign the
path at runtime. And there is a method to refresh the titlebar with the
new icon (RefreshTitleBar, from memory). But I can't remember whether
the icon path property was a Database property, or something else. So
it might or might not be significant that he did not see it in the db
properties.

I'll follow this up if the OP replies, but not if he doesn't, because
all my stuff is at a different location than the one from which I post.

Cheers,
TC
 
Back
Top