The problem with Access security is that there are cracking products on
the web which reveal the usernames, PIDs and passwords from a workgroup
file. So anyone who gets one of those products, can impersonate any
valid user. This does not /neccessarily/ let anyone change the design
of the database, but it is a fatal weakness, nonetheless.
The weakness is due to a simple error in how they encrypt the details
in the workgroup file. It would be easy to fix, IMHO. However, it will
/not/ be fixed in the next version of Access.
I don't know SQL Express at all, but it's hard to imagine that it would
have a similar error. But as for whether that makes SQL Express
"better" than Access, it depends on what you mean by "better". Is a 10
ton safe "better" than a small tin box? Maybe - maybe not. It depends
entirely on what criteria you use, to define the term "better". The
safe is more secure (good) - but heavier (bad). Only you can tell
whether the "good" outweighs the "bad", in that example.
HTH,
TC
