Suggestions on how to secure data in MDB, yet still allow external access to it?

  • Thread starter Thread starter Chris
  • Start date Start date
C

Chris

I'm working on a simple Access 2002 application. I've secured my code--by
splitting the data into an MDB and compiling my
code/forms/queries/reports/etc. into an MDE.

Next, I'd like to secure the data in the MDB. I realize that an MDB can be
password-protected; I'm sure it's a simple matter to modify the links in my
MDE so that it can still access the data in the MDB. I also understand that
an MDB can be encrypted. How secure is a password-protected MDB? Is
encryption recommended? Are there any disadvantages of either/both measures?

Lastly, I'd like certain users to be able to open the database in read-only
mode--to create their own custom reports. I figured I'd tell them to create
their own personal MDBs, link to the tables in the "live" MDB, and then
design their own queries and reports in the personal MDBs. However, I don't
think this would be very secure, since I would need to tell them the
password for the "live" MDB.

How are others handling this? BTW, I purposely avoided Access' user-level
security, instead controlling user access within the application itself.
 
Chris said:
I'm working on a simple Access 2002 application. I've secured my code--by
splitting the data into an MDB and compiling my
code/forms/queries/reports/etc. into an MDE.

Next, I'd like to secure the data in the MDB. I realize that an MDB can be
password-protected; I'm sure it's a simple matter to modify the links in my
MDE so that it can still access the data in the MDB. I also understand that
an MDB can be encrypted. How secure is a password-protected MDB? Is
encryption recommended? Are there any disadvantages of either/both measures?

Lastly, I'd like certain users to be able to open the database in read-only
mode--to create their own custom reports. I figured I'd tell them to create
their own personal MDBs, link to the tables in the "live" MDB, and then
design their own queries and reports in the personal MDBs. However, I don't
think this would be very secure, since I would need to tell them the
password for the "live" MDB.

How are others handling this? BTW, I purposely avoided Access' user-level
security, instead controlling user access within the application itself.

The best you can do to protect data (if you stay with a Jet back end) is use
user-level security. Anything else is trivial to get past. ULS can be broken
as well, but it does raise the bar of difficulty considerably over "home-grown"
solutions.
 
(snip)
BTW, I purposely avoided Access' user-level security, instead
controlling user access within the application itself.


Then, you'll have to enhance your home-grown method to do what you want!

Alternatively, learn how to use Access user-level security, which will do
what you want.

HTH,
TC
 
Back
Top