Linq Adams via AccessMonster.com said:
I almost added, "But Doug Steele won't like this!" But the
fact is, the average Access user doesn't have a clue about
resetting environment variables. And if you're really concerned
about securing your database from the kind of people who
do know about them, Access is probably not the right choice.
You could probably also say that the average Access user doesn't have any
interest in [bypassing your protection | looking at someone else's data |
any number of other things] in support of not bothering with any safeguards
at all.
But, the fact is, that it's not a matter of whether Access is the right
choice, but whether we choose to just trust in the user's ignorance rather
than use some actual security. We certainly know that Access' own security
was so breakable that Microsoft chose not even to use it for Access 2007's
ACCDB and ACE, but it would certainly be more of a deterrent than any scheme
relying on the environment variables. Would you suggest not using Access for
users who might discover that holding down Shift when starting or Pressing
F11 will often display a normally-blocked database window, rather than
disabling the bypass key?
My advice to clients with concerns about sensitive data would be to use a
server DB for the back end and choose one that had good security; about the
database application itself, I'd say "don't worry too much about that
because any experienced Access developer can watch an application in use and
re-create it in a fraction of the time it took to create in the first
place" -- secure to the extent possible, and control access to the
workstations. That's disappointing advice to people who'd like to
distribute their Access databases to a wide audience of users, and for that
kind of distribution, there are more secure options.
Whether they are "better" options depends on a number of factors. I don't
know of any commercial application or operating system that the "phreaks"
haven't cracked and published the crack. They typically get copies of MS
operating systems and publish them with the crack before the OS is even
available to the general public.
Larry Linson
Microsoft Office Access MVP