How to prohibit users from importing queries from my database

[Guest]

I'm using Access as a frontend to a SQL server. The Access database contains
a number of passthru queries. I've eliminated access to the database by
setting the proper database properties and startup options. However, users
can create a blank Access database and import passthru queries from my Access
database. The imported queries have the ODBC connection string with the
password. They can then use this password to access the SQL data.

How can I prevent this???

Thanks in advance.

 

[Granny Spitz via AccessMonster.com]

The imported queries have the ODBC connection string with the
password.

Why? That's a huge security risk. *Anyone* can read that without even
opening your database, thereby bypassing your startup settings.

How can I prevent this???

The proper way is to remove the user name and password from the connection
string, have the SQL Server DBA create accounts for each of the users and set
appropriate permissions on views and SPs. Then the user has to authenticate
before using the SQL data.

If you don't want them to see the connection string at all, apply User level
security to prevent users from reading the query design (which they need in
order to import it into another database). That won't stop anyone determined
though. There are tools on the web to bypass Access security.

Another alternative is to avoid saved passthrough queries and just use them
in code. Your other post mentions it's an MDE file, so users can't see the
code but anyone with a Hex editor who knows where to look can find the
connection string in the file, so that's not foolproof either.