Decompile a secured mdb

[ragtopcaddy via AccessMonster.com]

How do I do it? What should the shortcut property look like?

Thanks,

Bill R

--
Bill Reed

"If you can't laugh at yourself, laugh at somebody else"

Message posted via AccessMonster.com

 

['69 Camaro]

Hi, Bill.

How do I do it? What should the shortcut property look like?

Try: (watch out for word wrap, as this is all one line)

"<Full path to Office>\MSAccess.EXE" "<Full path to DB>\MyDB.MDB" /wrkgrp
"<Full path to secure workgroup>\Secure.MDW" /decompile

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[ragtopcaddy via AccessMonster.com]

Gunny,

Thanks a million.

BTW: I have a '75 Eldorado ragtop myself!

Bill R

Hi, Bill.


Try: (watch out for word wrap, as this is all one line)

"<Full path to Office>\MSAccess.EXE" "<Full path to DB>\MyDB.MDB" /wrkgrp
"<Full path to secure workgroup>\Secure.MDW" /decompile

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

--
Bill Reed

"If you can't laugh at yourself, laugh at somebody else"

Message posted via AccessMonster.com

 

[ragtopcaddy via AccessMonster.com]

Gunny,

I was just testing the secured mdb. I opened the db by double-clicking on the
file in explorer. That logged me in as Admin. My implementation of security
on this db removed all permissions on all objects for the Users group. Admin
is removed from the Admins group and only has Users permissions. I couldn't
change any data in the tables, which is what I wanted. However, I could click
on command buttons and run code that makes changes to other objects, such as
killing files on the server in anticipation of creating new versions, which
will not happen because Admin can't write to tables in the database. How do I
deal with this possibility? It would be nice if command buttons or VBA
procedures were subject to security restrictions, but that's apparently not
the case.

Thanks,

Bill R

Hi, Bill.


Try: (watch out for word wrap, as this is all one line)

"<Full path to Office>\MSAccess.EXE" "<Full path to DB>\MyDB.MDB" /wrkgrp
"<Full path to secure workgroup>\Secure.MDW" /decompile

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

--
Bill Reed

"If you can't laugh at yourself, laugh at somebody else"

Message posted via AccessMonster.com

 

['69 Camaro]

Ooooohh! Nice!

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

['69 Camaro]

Hi, Bill.

That logged me in as Admin.

It's not properly secured if the default Admin user can open the database.

My implementation of security
on this db removed all permissions on all objects for the Users group.

You should also remove the ability of the Users group to open the database.
Any member of the Users group shouldn't be able to open the database, unless
he's also a member of another group.

However, I could click
on command buttons and run code that makes changes to other objects

Don't give permissions to open/run those forms except to the groups that are
authorized. Create an MDE database file and unauthorized users can't go to
the VB Editor and run code, either.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[ragtopcaddy via AccessMonster.com]

Gunny,

My intention was for everyone to be able to open the db and look at info.
With the exception of the command buttons, this is working just fine. I don't
mind people seeing the data or opening forms and reports, I just don't want
them to edit, add, or delete data, including txt files on the server. I don't
see any way to accomplish this short of an additional security layer in the
form of a table that contains NT logon names and the examination of the user
to entries in that table at the beginning of procedures that make changes. Do
you concur?

Bill R

Hi, Bill.

That logged me in as Admin.

It's not properly secured if the default Admin user can open the database.

My implementation of security
on this db removed all permissions on all objects for the Users group.

You should also remove the ability of the Users group to open the database.
Any member of the Users group shouldn't be able to open the database, unless
he's also a member of another group.

However, I could click
on command buttons and run code that makes changes to other objects

Don't give permissions to open/run those forms except to the groups that are
authorized. Create an MDE database file and unauthorized users can't go to
the VB Editor and run code, either.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Gunny,

[quoted text clipped - 45 lines]

--
Bill Reed

"If you can't laugh at yourself, laugh at somebody else"

Message posted via AccessMonster.com

 

['69 Camaro]

Hi, Bill.

Do
you concur?

Not quite. One cannot put up a fence halfway around a perimeter and expect
it to keep the area secured. You also need to convert the file to an MDE
database file to protect the code from being viewed or changed. You need to
use RWOP queries so that the default Admin user can only see the data he's
supposed to see. The Users group has no permissions on any tables
whatsoever. Don't use the Environ variables to check the current user,
because those are subject to change at runtime, after the user has logged
in.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Gunny,

My intention was for everyone to be able to open the db and look at info.
With the exception of the command buttons, this is working just fine. I
don't
mind people seeing the data or opening forms and reports, I just don't
want
them to edit, add, or delete data, including txt files on the server. I
don't
see any way to accomplish this short of an additional security layer in
the
form of a table that contains NT logon names and the examination of the
user
to entries in that table at the beginning of procedures that make changes.
Do
you concur?

Bill R

Hi, Bill.

That logged me in as Admin.

It's not properly secured if the default Admin user can open the database.

My implementation of security
on this db removed all permissions on all objects for the Users group.

You should also remove the ability of the Users group to open the
database.
Any member of the Users group shouldn't be able to open the database,
unless
he's also a member of another group.

However, I could click
on command buttons and run code that makes changes to other objects

Don't give permissions to open/run those forms except to the groups that
are
authorized. Create an MDE database file and unauthorized users can't go
to
the VB Editor and run code, either.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Gunny,

[quoted text clipped - 45 lines]

Bill R

--
Bill Reed

"If you can't laugh at yourself, laugh at somebody else"

Message posted via AccessMonster.com

 

[Rick Brandt]

Hi, Bill.


Not quite. One cannot put up a fence halfway around a perimeter and
expect it to keep the area secured. You also need to convert the
file to an MDE database file to protect the code from being viewed or
changed. You need to use RWOP queries so that the default Admin user
can only see the data he's supposed to see. The Users group has no
permissions on any tables whatsoever. Don't use the Environ
variables to check the current user, because those are subject to
change at runtime, after the user has logged in.

Actually, if you have a "base level" of user access you want to give most users
you can grant those permissions to the Users group and "normal users" will then
be able to use any workgroup, not have to log in, yet will still be restricted
to the permissions you give to the Users group. The use of logins and
particular workgroup files can then be restricted to those who need higher
authorities than the base group.

Lots of people secure their apps this way and only the developer actually uses
the secure MDW file which is not even included with the app.

 

[ragtopcaddy via AccessMonster.com]

Rick,

Yes, this is the method I'm using. My concern is not for proprietary or
confidential data, but primarily for "accidental death and dismemberment" of
my app by reckless users and tinkers. Also, in this particular app, there are
procedures that overwrite text files on the server and I need to be sure
those actions are not inadvertently executed.

Thanks for your help,

Bill

Hi, Bill.

[quoted text clipped - 9 lines]

variables to check the current user, because those are subject to
change at runtime, after the user has logged in.

Actually, if you have a "base level" of user access you want to give most users
you can grant those permissions to the Users group and "normal users" will then
be able to use any workgroup, not have to log in, yet will still be restricted
to the permissions you give to the Users group. The use of logins and
particular workgroup files can then be restricted to those who need higher
authorities than the base group.

Lots of people secure their apps this way and only the developer actually uses
the secure MDW file which is not even included with the app.