#1
How to keep someone from importing data out of my database
I have a split database with an MDE front end and forms linked to tables on a MySQL BE located on a network server. How do I keep a user from simply creating a new empty Access database and importing the tables out of my BE by accessing the links to my tables that are stored in my FE (i.e. the forms are grayed out but not the queries or tables)?!!!!
#2
For the most part, if they can get at the data, then they can take it.

If you 100% hide the access interface, then that usually keeps most users out and they will not be able to see the tables. In fact, often users will not even know your application is written in access.

The above helps a lot, but savvy users could still import linked tables to another database. If you really need to prevent this you could set up workgroup security so they would not be able to import the links to another database. If a user were to join the same workgroup they might be able to import the tables, but it would require users to have above average (advanced) access skills.

I would as a 1st step simply hide the access interface. Try downloading and running the 3rd example at my following web site that shows a hidden ms-access interface (no code is required to do this....but just some settings in the start-up). Check out:

http://www.members.shaw.ca/AlbertKal...s/DownLoad.htm

After you try the application, you can exit, and then re-load the application, but hold down the shift key to by-pass the start-up options. If you want, you can even disable the shift key bypass. I have a sample mdb file that will let you "set" the shift key bypass on any application you want. You can get this at:

http://www.members.shaw.ca/AlbertKal.../msaccess.html

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
#3
Hi Albert,

Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems.

Just a note of interest, I am being told by the IT people at the University here that they don’t want us to put any sensitive data in Access. Since sensitive nowadays is phone numbers, student ID#s, or even where I got a biological sample from, it pretty much makes access useless for universities. I assume the business world has the same problem. The user interface of Access is fantastic but the security issues are going to kill them - unless you only want to store your cooking recipes.

I will explore user level security and will talk with the computer folks here at the university to see if there is some way to shield the FE from users so they can rip off the back end. If you hear of any way to stop someone from importing tables out of an Access database (FE) with linked tables, please let me know - I am desperate.

"Albert D. Kallal" wrote:

> For the most part, if they can get at the data, then they can take it.
>
> If you 100% hide the access interface, then that usually keeps most users out and they will not be able to see the tables. In fact, often users will not even know your application is written in access.
>
> The above helps a lot, but savvy users could still import linked tables to another database. If you really need to prevent this you could set up workgroup security so they would not be able to import the links to another database. If a user were to join the same workgroup they might be able to import the tables, but it would require users to have above average (advanced) access skills.
>
> I would as a 1st step simply hide the access interface. Try downloading and running the 3rd example at my following web site that shows a hidden ms-access interface (no code is required to do this....but just some settings in the start-up). Check out:
>
> http://www.members.shaw.ca/AlbertKal...s/DownLoad.htm
>
> After you try the application, you can exit, and then re-load the application, but hold down the shift key to by-pass the start-up options. If you want, you can even disable the shift key bypass. I have a sample mdb file that will let you "set" the shift key bypass on any application you want. You can get this at:
>
> http://www.members.shaw.ca/AlbertKal.../msaccess.html
>
> --
> Albert D. Kallal (Access MVP)
> Edmonton, Alberta Canada
#4
"salmonella" wrote in message ...

> Hi Albert, Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems. Just a note of interest, I am being told by the IT people at the University here that they don't want us to put any sensitive data in Access.

But you told me your data is in MySql. So, how does that affect ms-access??? Your security is going to be set up on the MySql side of things. What is to stop a user from firing up excel and going data-Import External data and pulling the data out of mysql?

> If you hear of any way to stop someone from importing tables out of an Access database (FE) with linked tables, please let me know - I am desperate.

Yes, you can set up user level security and they will not be able to import those linked tables....

You can find the security faq for access here:

http://support.microsoft.com/default.aspx?scid=kb;[LN];207793

You have not really mentioned how you set up the MySql security..but, if you are allowing users to read that data, then you might try the MySql newsgroups for what they suggest, but for the most part your security issues will be that of your database engine, in this case MySql. You are not using ms-access to store this data, so security is really not an issue of ms-access, it is that of mySql...

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
#5
On Sat, 1 Nov 2008 11:09:01 -0700, salmonella wrote:

> Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems. Just a note of interest, I am being told by the IT people at the University here that they don’t want us to put any sensitive data in Access. Since sensitive nowadays is phone numbers, student ID#s, or even where I got a biological sample from, it pretty much makes access useless for universities.

Given that there are screen capture utilities and optical character recognition software readily available...

If the user of your database can SEE the information in it, they can capture it.

If the user of your database *cannot* see the information in it, the database is useless (or the information should not be stored on any computer).

This is a bureaucratic issue. This is not an Access issue or even a technical issue.

--
John W. Vinson [MVP]
#6
Hi Albert and John,

I am not sure if I have not confused you both or if I just don’t get what you are saying, so here it goes again….

A user uses a PW (not Access ULS, but my VB code) to log onto the FE, then, depending on who the user is, I allow them different editing and viewing rights for each record. So users are adding, editing or viewing only those records that they have permission to. This all works very well and would, I believe, be very secure if not for the problem below.

It appears that a property of Access is to allow one access database to import data in linked tables from any other Access database. Therefore it appears that Access, or even Excel, may be able to ‘ask’ my MySQL-linked FE to have a copy of all the data in the BE tables it is linked to and my FE then uses its ODBC connection and passwords to access and get the data for this other access database. As far as I can tell, my security problem thus is with Access and not MySQL since mysql is simply giving the information to my FE, as it is supposed to, and it is my FE that is then giving the information to the other database/excel (which I don’t want it to do but which seems to be a property of Access).

Thus what I need to know is if there is a utility, etc. within Access that will allow my FE to deny a request from another access database or excel to get it copies of tables and queries from my BE, much in the same way that an MDE version of my FE will deny a similar request from an access database for forms in my FE.

Yes I agree that there are always other ways for someone to steal data, such as capturing screen shots, however, these sorts of things are not a ‘problem’ with what I am doing.

Lastly, I am a GREAT fan of Access, as a biochemist and someone who has never taken a single computer course, Access has proven itself to me to be indispensable in my work. So, for the record, I am not knocking Access, I will not give up on Access, and I will get this bug worked out to the satisfaction of the IT people.

Hope this makes more sense, and I am really hoping that I am making some stupid little error and that there is a quick solution to this problem.

"John W. Vinson" wrote:

> On Sat, 1 Nov 2008 11:09:01 -0700, salmonella wrote:
>
> > Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems. Just a note of interest, I am being told by the IT people at the University here that they don’t want us to put any sensitive data in Access. Since sensitive nowadays is phone numbers, student ID#s, or even where I got a biological sample from, it pretty much makes access useless for universities.
>
> Given that there are screen capture utilities and optical character recognition software readily available...
>
> If the user of your database can SEE the information in it, they can capture it.
>
> If the user of your database *cannot* see the information in it, the database is useless (or the information should not be stored on any computer).
>
> This is a bureaucratic issue. This is not an Access issue or even a technical issue.
>
> --
> John W. Vinson [MVP]
#7
Hi Albert and John,

I am not sure if I have not confused you both or if I just don’t get what you are saying, so here it goes again….

A user uses a PW (not Access ULS, but my VB code) to log onto the FE, then, depending on who the user is, I allow them different editing and viewing rights for each record. So users are adding, editing or viewing only those records that they have permission to. This all works very well and would, I believe, be very secure if not for the problem below.

It appears that a property of Access is to allow one access database to import data in linked tables from any other Access database. Therefore it appears that Access, or even Excel, may be able to ‘ask’ my MySQL-linked FE to have a copy of all the data in the BE tables it is linked to and my FE then uses its ODBC connection and passwords to access and get the data for this other access database. As far as I can tell, my security problem thus is with Access and not MySQL since mysql is simply giving the information to my FE, as it is supposed to, and it is my FE that is then giving the information to the other database/excel (which I don’t want it to do but which seems to be a property of Access).

Thus what I need to know is if there is a utility, etc. within Access that will allow my FE to deny a request from another access database or excel to get it copies of tables and queries from my BE, much in the same way that an MDE version of my FE will deny a similar request from an access database for forms in my FE.

Yes I agree that there are always other ways for someone to steal data, such as capturing screen shots, however, these sorts of things are not a ‘problem’ with what I am doing.

Lastly, I am a GREAT fan of Access, as a biochemist and someone who has never taken a single computer course, Access has proven itself to me to be indispensable in my work. So, for the record, I am not knocking Access, I will not give up on Access, and I will get this bug worked out to the satisfaction of the IT people.

Hope this makes more sense, and I am really hoping that I am making some stupid little error and that there is a quick solution to this problem.

"Albert D. Kallal" wrote:

> "salmonella" wrote in message ...
>
> > Hi Albert, Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems. Just a note of interest, I am being told by the IT people at the University here that they don't want us to put any sensitive data in Access.
>
> But you told me your data is in MySql. So, how does that affect ms-access??? Your security is going to be set up on the MySql side of things. What is to stop a user from firing up excel and going data-Import External data and pulling the data out of mysql?
>
> > If you hear of any way to stop someone from importing tables out of an Access database (FE) with linked tables, please let me know - I am desperate.
>
> Yes, you can set up user level security and they will not be able to import those linked tables....
>
> You can find the security faq for access here:
>
> http://support.microsoft.com/default.aspx?scid=kb;[LN];207793
>
> You have not really mentioned how you set up the MySql security..but, if you are allowing users to read that data, then you might try the MySql newsgroups for what they suggest, but for the most part your security issues will be that of your database engine, in this case MySql. You are not using ms-access to store this data, so security is really not an issue of ms-access, it is that of mySql...
>
> --
> Albert D. Kallal (Access MVP)
> Edmonton, Alberta Canada
#8
"salmonella" wrote in message ...

> It appears that a property of Access is to allow one access database to import data in linked tables from any other Access database.

And the same as for excel, word, power-point and anything else you use. The problem here is what's to stop the person from using excel and importing data directly from MySql? We are NOT talking about using excel to get data from an access database; we are talking about using Excel to grab the data from MySql (Excel can use odbc to MySql here).

> linked to and my FE then uses its ODBC connection

Are you using a DSN here? Excel and word can use that same dsn, and will not have to bother with ms-access to connect and import the data.

> Thus what I need to know is if there is a utility, etc. within Access that will allow my FE to deny a request from another access database

There is not a utility, but you chose to not read my last post. I said you can set up ULS to prevent users from importing the tables (or "linked" tables) into other access applications.

> much in the same way that an MDE version of my FE will deny a similar request from an access database for forms in my FE.

Well, users can still open up the mde with a text editor, and the passwords if hard coded will be in plain sight.

As I said, if you set up access user level security then users can't import anything to another file, but they can still open up the mde file with a text editor. You are not talking about copying data here, but only "links".

If you save table links in your c++ application, then I can still open up that application with a text editor and see your passwords....

If you are looking to build a high security application then a simple desktop application like ms-access is not going to be the correct tool at all.

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
#9
I can't speak for MySQL, but with MS SQL you can set the users who are allowed to get information from the database. If the user (not the database) does not have permissions to get information from the database (where the data is stored) they will not be able to get the data.

If you have designed an Access front-end that is linked to MySql and the link embeds a user-id and password, then you do have a hole in your security. On the other hand, if you use windows authentication with MS SQL server the hole is NOT there and cannot be exploited.

In other words I agree with John and Albert. The problem is not with Access. It is with the security settings on the database server. How does mySql control permissions and access to the data it stores?

'====================================================
John Spencer
Access MVP 2002-2005, 2007-2008
The Hilltop Institute
University of Maryland Baltimore County
'====================================================
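The question that closes the post above, worked through for MySQL as an added example that is not part of any post in this thread: the per-record rights the original poster enforces in front-end VB code are moved into the server, so a linked table can never return more than the signed-in account is allowed to see. The database `labdb`, table `samples`, view `my_samples`, the column names and the accounts `fe_shared`, `view_owner`, `alice` and `bob` are all hypothetical, and the passwords are placeholders.

```sql
-- Added example, MySQL dialect. Every name below is hypothetical and the
-- passwords are placeholders. Run as a MySQL administrator.

CREATE DATABASE IF NOT EXISTS labdb;
CREATE TABLE labdb.samples (
  sample_id    INT AUTO_INCREMENT PRIMARY KEY,
  collected_on DATE         NOT NULL,
  site         VARCHAR(100) NOT NULL,
  owner_login  VARCHAR(32)  NOT NULL   -- MySQL user name of the record's owner
);

-- WEAK: one shared account whose user id and password are saved in the
-- front end's table links. Anyone who copies the links (or reads the
-- password out of the file) gets every row, from any ODBC client.
CREATE USER 'fe_shared'@'%' IDENTIFIED BY 'placeholder-shared';
GRANT SELECT, INSERT, UPDATE, DELETE ON labdb.* TO 'fe_shared'@'%';

-- CORRECTED, step 1: retire the shared account.
DROP USER 'fe_shared'@'%';

-- Step 2: an account that exists only to own the view. Nobody logs in
-- with it; it is the only account with rights on the base table.
CREATE USER 'view_owner'@'localhost' IDENTIFIED BY 'placeholder-owner';
GRANT SELECT, INSERT, UPDATE ON labdb.samples TO 'view_owner'@'localhost';

-- Step 3: a view that returns only the caller's own rows. Inside a
-- SQL SECURITY DEFINER view, USER() is still the account that connected,
-- so the filter follows whoever is logged in. WITH CHECK OPTION rejects
-- an insert or update that would create a row owned by someone else.
CREATE DEFINER = 'view_owner'@'localhost' SQL SECURITY DEFINER
VIEW labdb.my_samples AS
  SELECT sample_id, collected_on, site, owner_login
  FROM labdb.samples
  WHERE owner_login = SUBSTRING_INDEX(USER(), '@', 1)
WITH CHECK OPTION;

-- Step 4: one account per person, with rights on the view only and
-- nothing on labdb.samples itself.
CREATE USER 'alice'@'%' IDENTIFIED BY 'placeholder-alice';
CREATE USER 'bob'@'%'   IDENTIFIED BY 'placeholder-bob';
GRANT SELECT, INSERT, UPDATE ON labdb.my_samples TO 'alice'@'%', 'bob'@'%';

-- Check: the output should list USAGE plus the grant on my_samples only.
SHOW GRANTS FOR 'alice'@'%';
```

With this in place the front end links to `my_samples` without a saved user id or password, so each user signs in to MySQL as themselves, and an import into another Access file or Excel returns only the rows that account could already see.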
#10
Apparently both you and the security people at your university need to learn a bit about how front-end and back-end databases work. According to your first post, your data is not "in Access" but stored in your backend "MySQL" database, which, I am reasonably certain, has security features that you can use.

I've used backend databases in Microsoft SQL Server, Informix, and various Sybase databases and the server database, in each case, had strong security which was used to protect the data. Each user, when they logged in to the application (the front-end user interface in Access) would be asked for their password when they first accessed the server, and that password and the user's userid would be used for the remainder of the session.

Security in databases done with Access with data stored in the default Jet database engine (and now the default ACE database engine in Access 2007) has never been a strong point. However, you can use Microsoft SQL Server -- now available in a free Express Edition which will support a modest number of concurrent users and has strong security as does the full edition.

For learning Access, for developing applications to later use sensitive data, and for applications handling non-sensitive data, Access and Jet/ACE are excellent. For sensitive data, I have always found it trivially simple to convert the database to link to tables in a backend database for which security is a strong point (and, that would be "most of them") to store data.

Larry Linson
Microsoft Office Access MVP

"salmonella" wrote in message ...

> Hi Albert,
>
> Thanks for the reply. I have already removed the toolbar/menu and disabled the bypass key and, I believe, have the FE locked down - except for this problem. Microsoft needs to deal with their security problems.
>
> Just a note of interest, I am being told by the IT people at the University here that they don't want us to put any sensitive data in Access. Since sensitive nowadays is phone numbers, student ID#s, or even where I got a biological sample from, it pretty much makes access useless for universities. I assume the business world has the same problem. The user interface of Access is fantastic but the security issues are going to kill them - unless you only want to store your cooking recipes.
>
> I will explore user level security and will talk with the computer folks here at the university to see if there is some way to shield the FE from users so they can rip off the back end. If you hear of any way to stop someone from importing tables out of an Access database (FE) with linked tables, please let me know - I am desperate.
>
> "Albert D. Kallal" wrote:
>
> > For the most part, if they can get at the data, then they can take it.
> >
> > If you 100% hide the access interface, then that usually keeps most users out and they will not be able to see the tables. In fact, often users will not even know your application is written in access.
> >
> > The above helps a lot, but savvy users could still import linked tables to another database. If you really need to prevent this you could set up workgroup security so they would not be able to import the links to another database. If a user were to join the same workgroup they might be able to import the tables, but it would require users to have above average (advanced) access skills.
> >
> > I would as a 1st step simply hide the access interface. Try downloading and running the 3rd example at my following web site that shows a hidden ms-access interface (no code is required to do this....but just some settings in the start-up). Check out:
> >
> > http://www.members.shaw.ca/AlbertKal...s/DownLoad.htm
> >
> > After you try the application, you can exit, and then re-load the application, but hold down the shift key to by-pass the start-up options. If you want, you can even disable the shift key bypass. I have a sample mdb file that will let you "set" the shift key bypass on any application you want. You can get this at:
> >
> > http://www.members.shaw.ca/AlbertKal.../msaccess.html
> >
> > --
> > Albert D. Kallal (Access MVP)
> > Edmonton, Alberta Canada