Hidden table

  • Thread starter Thread starter Jason
  • Start date Start date
J

Jason

I'm setting up some simple security (without using a
workgroup) and it was recommended that I make my password
table hidden, which I have done. My question is how do I
view the table now?
 
Jason said:
I'm setting up some simple security (without using a
workgroup) and it was recommended that I make my password
table hidden, which I have done. My question is how do I
view the table now?
Click to expand...

The same way your users who know how Access works will. By going into
options and checking the "View Hidden Objects" box. You could also name the
table with a USys prefix in which case they would have to check the option
for "View System Objects".

A step up from that would be to store the table in a separate file and
rather than creating a permanent link to it just query it from code when
needed. Then the table could not be viewed in the DB Window at all. If
you distribute as an MDE file then your code that queries the external
table cannot be examined to see where the table is located.
 
I tried the external idea first, but couldn't figure out
the code for querying. Here's the code I have for the
password form - what would I need to do to query a table
in an external database?

Thanks in advance,

Jason

Private Sub Command4_Click()

Dim strPWD, strPWD2, strUserID

strUserID = Me.UserID
strPWD = Me.pwd

Dim dbs As Database, rst As Recordset, strsql As String

Set dbs = CurrentDb

'Build sql to retrieve password from table
strsql = "SELECT tblPasswords.Password " & _
"FROM tblPasswords " & _
"WHERE (((tblPasswords.UserID)='" & strUserID
& "'));"

'Set strPWD2 equal to retrieved password
Set rst = dbs.OpenRecordset(strsql)
strPWD2 = rst.Fields(0)

'If the passwords are correct (or if password is blank)
open switchboard
If strPWD = strPWD2 Or strPWD2 = "" Then
Me.Visible = False
DoCmd.OpenForm "Switchboard"
'Otherwise clear password and prompt user to reenter
Else
MsgBox "Your User ID or Password is incorrect. Please
try again."
Me.pwd = Null
Me.pwd.SetFocus
End If

rst.Close
Set dbs = Nothing

End Sub
 
I really don't think using any form of table to store passwords is a good
idea! Consider securing your application with a workgroup file.

Tom.
 
But that is way more complicated.

I feel the table idea is ok if someone needs a simple solution. But rather
than trying to hide the table, just obfuscate the data that is stored in it.
Then, it doesn't matter if the users read the table: they will not be able
to make sense of it. And if your code is MDEd, they will hopefully not be
able to reverse the obfuscation!

TC
 
Well, you obviously haven't looked into workgroup files... very secure, very
easy to setup, security can be applied to any combination of database
objects, simpler to control, etc, etc! BTW, obfuscation on works on those
who don't give a toss - one day someone will and you'll lose your database!

Best of luck!

Tom.
 
Well, you obviously haven't looked into workgroup files...
Click to expand...

I think if you check out some of my posts in
microsoft.public.access.security over the years, you might want to change
your mind on that.

TC
 
When I said that you should consider securing your application with a
workgroup file, your response was '...But that is way more complicated'. You
went on to say '...And if your code is MDEd, they will hopefully not be able
to reverse the obfuscation'! If you have been using workgroup files 'over
the years' then you would know how easy they are to use... also, I should
point out that MDEing a database does not stop anyone from looking at a
table that has no permissions set on it... and although your code may be
safe, your table contents aren't, especially ones that have passwords stored
in them!

When I suggested that you hadn't looked into workgroup files it was based on
what you were saying in this thread, not over the past few years!

I think if you check out some of my posts in
microsoft.public.access.security over the years, you might want to change
your mind on that.
Click to expand...

So why aren't you using workgroup files?

Tom.
 
When I said that you should consider securing your application with a
workgroup file, your response was '...But that is way more complicated'. You
went on to say '...And if your code is MDEd, they will hopefully not be able
to reverse the obfuscation'!
Click to expand...
If you have been using workgroup files 'over
the years' then you would know how easy they are to use...
Click to expand...

You have to be joking! For the average punter, workgroup files are NOT easy
to use - as is clearly evidenced by the thousands of questions about them in
the relevant newsgroups. The OP was clearly not experienced in Access
security. I aimed my comments at that level.

also, I should
point out that MDEing a database does not stop anyone from looking at a
table that has no permissions set on it... and although your code may be
safe, your table contents aren't, especially ones that have passwords stored
in them!
Click to expand...

That's what "obfuscation" is all about. If the content has been obfuscated,
it doesn't matter whether someone can read it - because they can't make
sense of what they have read.

TC
 
Back
Top