


An NT Security Gotcha that looks like a Jet Security issue

I am posting this to the newsgroup because I wasted some time on
Friday troubleshooting a problem of my own making. Other people
might benefit from hearing about it. 

I'm working on the final touches to an app that's going to be run by
3 people in an office from their workstations, and about 10 other
people remotely via Windows Terminal Server. The TS is set up and
operating beautifully (I'm not the client's sysadmin, but I
*trained* the guy who is, so I've been given full administrative
control). 

I had done all my testing via the Terminal Server and had forgotten
that I couldn't use the TS's local drive letters (LAN users do have
a drive mapped to the TS, but it's not the same as the drive letter
when run locally). So, when this was pointed out to me, I slapped my
forehead and changed to UNC paths. 

In all my testing, everything worked fine.

When the client tester tried it, the app was read-only. Well, it
turns out that we'd replaced the testing back end with the real back
end and loaded some archived data, and it looked like the security
was not set up right. Also, I'd added some back-end link checking,
as there are actually 3 distinct versions of the front end that need to
be linked to three different back ends (a testing version, a
training version and the production version, linked (respectively)
to a testing back end, a training back end and the production back
end), and thought that something was going wrong with the relinking
code when it was run by a user that didn't have full permissions on
the tables. 

To make a long story short, it turned out that the problem had
nothing to do with Jet security, but was caused by my using the
wrong UNC path. 

The app is physically located on the data drive of the terminal
server, which is D:. There's a top-level DATA folder, which is
shared, and in that folder is the folder for this app, called
ApplicantsDB. That, too, is shared. So, when you browse the Terminal
Server via My Network Places, you see three shares, Data,
ApplicantsDB and Quickbooks (which is another top-level share). 

My intention was that all back end links would use the UNC path
through the ApplicantsDB *share*, as in: 

  \\TerminalServer\ApplicantsDB

But I mistakenly set them all up as:

  \\TerminalServer\Data\ApplicantsDB

That means going through the DATA share. As it turns out, the user
group defined for this Access application has no permissions set at
all on the DATA share (or folder), and has MODIFY permission on the
ApplicantsDB folder and share. The Domain Users group has READ-ONLY
access on the DATA folder and share, so the result was that nobody
but domain administrators (which included *me*) had write permission
on \\TerminalServer\Data\ApplicantsDB because I was getting to the
ApplicantsDB *folder* via the Data *share*, instead of getting to
the same destination through the ApplicantsDB share. 

So, if you're ever in a situation where you are getting read-only
access (or none at all) to data on a server, be sure to check that
the permissions are set correctly on it and that you're accessing it
through the right path. 

I knew all of this, of course (I was the one who set it up!), and
was just not paying attention. 

But I thought I'd post about it because most people who do Access
development don't have the NT administration experience that I have,
so might have much more trouble figuring out a problem like this. 

It gave *me* enough difficulty, and I'm supposed to *know* what I'm
doing in this area! 

-- 
David W. Fenton                        http://www.bway.net/~dfenton
dfenton at bway dot net                http://www.bway.net/~dfassoc
dXXXfenton (2542)
9/17/2005 6:28:31 PM
comp.databases.ms-access

I had a couple of long debugging sessions similar to what you're describing on
a project of mine a while back.  I'm in the mode now that when it's possible
to repeat a mistake that's hard to diagnose, I try to add some kind of
automation that makes the mistake harder to make.

In my case (though I think it wouldn't have worked for yours), I added
constants to the code for the development, production, and testing back-end
paths.  When the code starts up, it checks the links, and if they point to
anything other than the production path, a warning pops up saying the
Development, Testing, or an Unknown back-end path is being used.  When running
the re-link operation, I also can pass one of the constant names as the path
argument, so I can't accidentally mis-type it.

Since there are long periods between work sessions with the client in
question, I'm sure without the link checking code, I'd have made the same
mistake again more than once and spent quite a while debugging each time
before saying "doh!"


On Sat, 17 Sep 2005 13:28:31 -0500, "David W. Fenton"
<dXXXfenton@bway.net.invalid> wrote:

>I am posting this to the newsgroup because I wasted some time on
>Friday troubleshooting a problem of my own making. Other people
>might benefit from hearing about it. 
>
>I'm working on the final touches to an app that's going to be run by
>3 people in an office from their workstations, and about 10 other
>people remotely via Windows Terminal Server. The TS is set up and
>operating beautifully (I'm not the client's sysadmin, but I
>*trained* the guy who is, so I've been given full administrative
>control). 
>
>I had done all my testing via the Terminal Server and had forgotten
>that I couldn't use the TS's local drive letters (LAN users do have
>a drive mapped to the TS, but it's not the same as the drive letter
>when run locally). So, when this was pointed out to me, I slapped my
>forehead and changed to UNC paths. 
>
>In all my testing, everything worked fine.
>
>When the client tester tried it, the app was read-only. Well, it
>turns out that we'd replaced the testing back end with the real back
>end and loaded some archived data, and it looked like the security
>was not set up right. Also, I'd added some back-end link checking,
>as there are actually 3 distinct versions of the front end that need to
>be linked to three different back ends (a testing version, a
>training version and the production version, linked (respectively)
>to a testing back end, a training back end and the production back
>end), and thought that something was going wrong with the relinking
>code when it was run by a user that didn't have full permissions on
>the tables. 
>
>To make a long story short, it turned out that the problem had
>nothing to do with Jet security, but was caused by my using the
>wrong UNC path. 
>
>The app is physically located on the data drive of the terminal
>server, which is D:. There's a top-level DATA folder, which is
>shared, and in that folder is the folder for this app, called
>ApplicantsDB. That, too, is shared. So, when you browse the Terminal
>Server via My Network Places, you see three shares, Data,
>ApplicantsDB and Quickbooks (which is another top-level share). 
>
>My intention was that all back end links would use the UNC path
>through the ApplicantsDB *share*, as in: 
>
>  \\TerminalServer\ApplicantsDB
>
>But I mistakenly set them all up as:
>
>  \\TerminalServer\Data\ApplicantsDB
>
>That means going through the DATA share. As it turns out, the user
>group defined for this Access application has no permissions set at
>all on the DATA share (or folder), and has MODIFY permission on the
>ApplicantsDB folder and share. The Domain Users group has READ-ONLY
>access on the DATA folder and share, so the result was that nobody
>but domain administrators (which included *me*) had write permission
>on \\TerminalServer\Data\ApplicantsDB because I was getting to the
>ApplicantsDB *folder* via the Data *share*, instead of getting to
>the same destination through the ApplicantsDB share. 
>
>So, if you're ever in a situation where you are getting read-only
>access (or none at all) to data on a server, be sure to check that
>the permissions are set correctly on it and that you're accessing it
>through the right path. 
>
>I knew all of this, of course (I was the one who set it up!), and
>was just not paying attention. 
>
>But I thought I'd post about it because most people who do Access
>development don't have the NT administration experience that I have,
>so might have much more trouble figuring out a problem like this. 
>
>It gave *me* enough difficulty, and I'm supposed to *know* what I'm
>doing in this area! 

nospam48 (2784)
9/18/2005 3:11:03 AM
Steve Jorgensen <nospam@nospam.nospam> wrote in
news:qtlpi1p29ol971fpquqhfqlirv2eb91uke@4ax.com: 

> I had a couple of long debugging sessions similar to what you're
> describing on a project of mine a while back.  I'm in the mode now
> that when it's possible to repeat a mistake that's hard to
> diagnose, I try to add some kind of automation that makes the
> mistake harder to make. 
> 
> In my case (though I think it wouldn't have worked for yours), I
> added constants to the code for the development, production, and
> testing back-end paths. . . .

Well, that's precisely what I'd done, but I'd copied the *wrong*
paths into the constants, because I'd picked them up from
CurrentDB.Name, and I'd opened the database from
\\TerminalServer\Data\ApplicantsDB instead of from
\\TerminalServer\ApplicantsDB! 

> . . . When the code starts up, it checks the
> links, and if they point to anything other than the production
> path, a warning pops up saying the Development, Testing, or an
> Unknown back-end path is being used.  When running the re-link
> operation, I also can pass one of the constant names as the path 
> argument, so I can't accidentally mis-type it.

Well, this was exactly the task that the code I was writing was
performing, and it was because I'd used constants in the code that
it ran into the problem. 

> Since there are long periods between work sessions with the client
> in question, I'm sure without the link checking code, I'd have
> made the same mistake again more than once and spent quite a while
> debugging each time before saying "doh!"

Well, nothing can protect you or me from putting the wrong values in
the constants! 

-- 
David W. Fenton                        http://www.bway.net/~dfenton
dfenton at bway dot net                http://www.bway.net/~dfassoc
dXXXfenton (2542)
9/18/2005 9:23:33 PM
On Sun, 18 Sep 2005 16:23:33 -0500, "David W. Fenton"
<dXXXfenton@bway.net.invalid> wrote:

....
>> . . . When the code starts up, it checks the
>> links, and if they point to anything other than the production
>> path, a warning pops up saying the Development, Testing, or an
>> Unknown back-end path is being used.  When running the re-link
>> operation, I also can pass one of the constant names as the path 
>> argument, so I can't accidentally mis-type it.
>
>Well, this was exactly the task that the code I was writing was
>performing, and it was because I'd used constants in the code that
>it ran into the problem. 
>
>> Since there are long periods between work sessions with the client
>> in question, I'm sure without the link checking code, I'd have
>> made the same mistake again more than once and spent quite a while
>> debugging each time before saying "doh!"
>
>Well, nothing can protect you or me from putting the wrong values in
>the constants! 

No - I guess not.  In my case, since I'd just been debugging the same kind of
mystery when I implemented the constants as a fix, I think I'd have seen/fixed
the problem with the constants right away.  Without that, I could well have
had the same kind of problem you did.
nospam48 (2784)
9/19/2005 4:25:38 AM
Steve Jorgensen <nospam@nospam.nospam> wrote in
news:rafsi1te0n4c0qkrjslkpb12v491d14oe6@4ax.com: 

> On Sun, 18 Sep 2005 16:23:33 -0500, "David W. Fenton"
><dXXXfenton@bway.net.invalid> wrote:
> 
> ...
>>> . . . When the code starts up, it checks the
>>> links, and if they point to anything other than the production
>>> path, a warning pops up saying the Development, Testing, or an
>>> Unknown back-end path is being used.  When running the re-link
>>> operation, I also can pass one of the constant names as the path
>>> argument, so I can't accidentally mis-type it.
>>
>>Well, this was exactly the task that the code I was writing was
>>performing, and it was because I'd used constants in the code that
>>it ran into the problem. 
>>
>>> Since there are long periods between work sessions with the
>>> client in question, I'm sure without the link checking code, I'd
>>> have made the same mistake again more than once and spent quite
>>> a while debugging each time before saying "doh!"
>>
>>Well, nothing can protect you or me from putting the wrong values
>>in the constants! 
> 
> No - I guess not.  In my case, since I'd just been debugging the
> same kind of mystery when I implemented the constants as a fix, I
> think I'd have seen/fixed the problem with the constants right
> away.  Without that, I could well have had the same kind of
> problem you did. 

I still don't understand your point. I was using constants. And I
was checking the back end links. And I was relinking to the values
in the constants. 

And those values were the WRONG ONES.

So, setting constants doesn't help unless you are setting the right
constants. 

Indeed, the constants didn't *cause* the problem, either. Whatever
method I'd have used for getting the back end names would have been
subject to the same human error. 

But the problem was one that I hadn't really encountered before,
because I normally am on the ball with defining my UNC paths. 

-- 
David W. Fenton                        http://www.bway.net/~dfenton
dfenton at bway dot net                http://www.bway.net/~dfassoc
dXXXfenton (2542)
9/20/2005 1:37:31 AM
On Mon, 19 Sep 2005 20:37:31 -0500, "David W. Fenton"
<dXXXfenton@bway.net.invalid> wrote:

>Steve Jorgensen <nospam@nospam.nospam> wrote in
>news:rafsi1te0n4c0qkrjslkpb12v491d14oe6@4ax.com: 
>
>> On Sun, 18 Sep 2005 16:23:33 -0500, "David W. Fenton"
>><dXXXfenton@bway.net.invalid> wrote:
>> 
>> ...
>>>> . . . When the code starts up, it checks the
>>>> links, and if they point to anything other than the production
>>>> path, a warning pops up saying the Development, Testing, or an
>>>> Unknown back-end path is being used.  When running the re-link
>>>> operation, I also can pass one of the constant names as the path
>>>> argument, so I can't accidentally mis-type it.
>>>
>>>Well, this was exactly the task that the code I was writing was
>>>performing, and it was because I'd used constants in the code that
>>>it ran into the problem. 
>>>
>>>> Since there are long periods between work sessions with the
>>>> client in question, I'm sure without the link checking code, I'd
>>>> have made the same mistake again more than once and spent quite
>>>> a while debugging each time before saying "doh!"
>>>
>>>Well, nothing can protect you or me from putting the wrong values
>>>in the constants! 
>> 
>> No - I guess not.  In my case, since I'd just been debugging the
>> same kind of mystery when I implemented the constants as a fix, I
>> think I'd have seen/fixed the problem with the constants right
>> away.  Without that, I could well have had the same kind of
>> problem you did. 
>
>I still don't understand your point. I was using constants. And I
>was checking the back end links. And I was relinking to the values
>in the constants. 
>
>And those values were the WRONG ONES.
>
>So, setting constants doesn't help unless you are setting the right
>constants. 
>
>Indeed, the constants didn't *cause* the problem, either. Whatever
>method I'd have used for getting the back end names would have been
>subject to the same human error. 
>
>But the problem was one that I hadn't really encountered before,
>because I normally am on the ball with defining my UNC paths. 

I was agreeing with you.

I'm saying the only reason I avoided the same problem is that I was dealing
with similar symptoms right -before- I created the constants and was using the
constants as a fix.  If I had just implemented the constants up-front, there
would have been nothing to prevent me having a similar problem to yours.
nospam48 (2784)
9/20/2005 2:04:44 AM
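
The share-versus-folder permission interaction from the original post, combined with a link audit of the kind discussed in the replies, as an added Python example that is not code from the thread. It models access through a UNC path as the lower of the share permission and the folder permission, then checks each configured back-end path as a given user. The group name `ApplicantsDB Users`, the file name `Applicants_be.mdb`, the Domain Admins entries, the inherited Domain Users read on the ApplicantsDB folder and the simplified permission model are assumptions.

```python
"""Share + NTFS permission model for the two UNC paths in the original post.

Added illustration, not code from the thread. Assumed simplifications: share
"Change" is treated like NTFS "Modify", Deny entries are ignored, and a file
or folder without its own ACL entry here uses its nearest parent's.
"""
from enum import IntEnum


class Level(IntEnum):
    NONE = 0
    READ = 1
    MODIFY = 2
    FULL = 3


APP_GROUP = "ApplicantsDB Users"  # hypothetical name for the app's user group

# share name -> (local folder it exposes, share-level permissions)
SHARES = {
    "data": (r"d:\data",
             {"Domain Users": Level.READ, "Domain Admins": Level.FULL}),
    "applicantsdb": (r"d:\data\applicantsdb",
                     {APP_GROUP: Level.MODIFY, "Domain Admins": Level.FULL}),
}

# local folder -> NTFS permissions (Domain Admins entries and the inherited
# Domain Users read on ApplicantsDB are assumptions)
NTFS = {
    r"d:\data": {"Domain Users": Level.READ, "Domain Admins": Level.FULL},
    r"d:\data\applicantsdb": {APP_GROUP: Level.MODIFY,
                              "Domain Users": Level.READ,
                              "Domain Admins": Level.FULL},
}

# Constructed sample links: the intended path and the mistaken one.
LINKS = {
    "intended": r"\\TerminalServer\ApplicantsDB\Applicants_be.mdb",
    "mistaken": r"\\TerminalServer\Data\ApplicantsDB\Applicants_be.mdb",
}


def split_unc(unc):
    """Return (server, share, [remaining path parts]) for a UNC path."""
    if not unc.startswith("\\\\"):
        raise ValueError(f"not a UNC path: {unc!r}")
    parts = [p for p in unc[2:].split("\\") if p]
    if len(parts) < 2:
        raise ValueError(f"UNC path needs a server and a share: {unc!r}")
    return parts[0], parts[1], parts[2:]


def granted(acl, groups):
    """Highest level any of the user's groups holds in one ACL."""
    return max((acl.get(g, Level.NONE) for g in groups), default=Level.NONE)


def effective_access(unc, groups):
    """Access through a UNC path: the lower of share and NTFS permission."""
    _, share, rest = split_unc(unc)
    entry = SHARES.get(share.lower())
    if entry is None:
        return Level.NONE  # unknown share: nothing is granted
    root, share_acl = entry
    local = root.split("\\") + [p.lower() for p in rest]
    acl = {}
    while local:  # walk up to the nearest folder that has an ACL
        found = NTFS.get("\\".join(local))
        if found is not None:
            acl = found
            break
        local.pop()
    return min(granted(share_acl, groups), granted(acl, groups))


def audit_links(links, groups, needed=Level.MODIFY):
    """List (name, path, level) for links where the user lacks `needed`."""
    return [(name, path, effective_access(path, groups))
            for name, path in links.items()
            if effective_access(path, groups) < needed]


if __name__ == "__main__":
    users = {
        "app user": [APP_GROUP, "Domain Users"],
        "domain admin": ["Domain Admins", "Domain Users"],
    }
    for who, groups in users.items():
        for name, path in LINKS.items():
            print(f"{who:12} {name:9} {effective_access(path, groups).name}")
        print(f"{who:12} flagged: {audit_links(LINKS, groups)}")
```

Run as a domain admin, the audit flags nothing, which is why testing under an administrative account did not show the problem; run as an ordinary application user, it flags the path that goes through the Data share.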
Reply:

Similar Artilces:

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

how secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are there any security risks/holes that I should know about? Thanks in advance, Aaron PS I do have access to Tomcat, but have been unable to figure out how to set it up (this is my first time setting up security for a site) - so if anyone has any tips/links that information would be most appreciated. Thanks again. ...

Security Issue
I have a created a secured database by following the security faq on the Microsoft website. I am opening my secured database logged in as one of the users that I created using a new mdw that does not contain the Admin user in the Admins group. Now I am closing this secured database but not quitting ACCESS. At this point, I am using the File menu to open another secured database (that uses a different mdw) and gain "full" control over its object!!! I am using ACCESS 2000. Is this normal behaviour? If this is not the desired behaviour how can I prevent it from happening? Is the o...

Problem with MS Access 97 database security
All, I recently started at a company that has a number of older MS Access 97 database applications that support production and order fulfillment. There is one database with which I have the following problems: 1) no one can make modifications to the database except by logging in using the database creator's userid and password on the workstation used by that person, who has of course left the company. Anyone else who tries to access the database, even the system administrator, gets the message "You dont have the nececssary permissions to use the xxxxxxxxx object.Have your system administrator or the person who created the object establish the appropriate permissions for you." 2) We logged in and "added" another person with the same permissions as the creator for all database objects, except we did not change the database object "ownerships", and the problem still persists. I suspect that the ownerships are the problem. Is this so? 3) I dont know anything about the restriction to a particular machine. Can anyone enlighten me on this issue? TIA JL <jliebman@kjlsoftware.com> wrote in message news:1176986756.146353.213270@e65g2000hsc.googlegroups.com... > All, > > I recently started at a company that has a number of older MS Access > 97 database applications that support production and order > fulfillment. There is one database with which I have the following > problems: > > 1) no one can make modifications ...

Problem with MS Access 97 database security #2
All, I recently started at a company that has a number of older MS Access 97 database applications that support production and order fulfillment. There is one database with which I have the following problems: 1) no one can make modifications to the database except by logging in using the database creator's userid and password on the workstation used by that person, who has of course left the company. Anyone else who tries to access the database, even the system administrator, gets the message "You dont have the nececssary permissions to use the xxxxxxxxx object.Have your system administrator or the person who created the object establish the appropriate permissions for you." 2) We logged in and "added" another person with the same permissions as the creator for all database objects, except we did not change the database object "ownerships", and the problem still persists. I suspect that the ownerships are the problem. Is this so? 3) I dont know anything about the restriction to a particular machine. Can anyone enlighten me on this issue? TIA JL ...

com.ms.security, com.ms.security.PermissionID.FILEIO and error in compiling
I need to permit to an Applet to read and write HD files. All ok with java 1.2, 1.3, 1.4 and 1.5 of Sun. But when, before signing a verson of my applet written for Internet Explorer without Java SUN (Microsoft 1.1.4 JVM), I try to insert this: try { Class s=Class.forName("com.ms.security.PolicyEngine"); if (s!=null) {s.assertPermission(com.ms.security.PermissionID.FILEIO);} } catch(Throwable e) {System.out.println("Error: "+e);} The result, is, while I compile my applet, the following error: package com.ms.security does not exist s.assertPermission(com...

Security in Access 97
I want than only few users are able to use a certain controll (tab) in a form. Is that possible in the security system we have in Access 97 or do I have to program everything in VBA. Helge (Norway) ...

Excel database query does not work after securing an Access database
Hi all, I'd appreciate if someone could give me a hint to this little annoying problem: I have a simple database that I want to be able to query from Excel. When I use the "new database query" wizard on an unsecured version of my database, everything works fine. I am able to read the tables and queries, I can build customized queries in Excel from the Access tables/queries. Now, the moment I secure my database I loose all connectiviity between Excel and Access. The wizard won't even connect to the database. When I add permission to "open/read database" object through "Users and Groups Permission" in Access, I am able to connect to the database and see all the tables/queries, but it does not show the fields. I thought that in theory if I add permissions to "read design" and "read data" to my tables and queries for the regular users that should solve the problem, but it doesn't. I am obviously missing something somewhere, but what? I searched the web but could not find anyting. I am using Windows XP Pro SP2 and Access 2003 and Excel 2003. Any advice???? Michael I'm actually just facing this problem as well myself, and have no answer. I have a secure database that's split front and backend. I've had split secure databases before where I have been able to query via excel, but for some reason, this one won't let me. ...

Database Security Issues
I'm helping someone to create an online database. All is fine and good except for one problem. Here it is: In order to provide connectivity to the database, I've created a file called database.php which is readable only by the Apache web server. It contained the following: <?php function database() { $db = mysql_connect("localhost", "mtlstats", /* the password */); mysql_select_db("mtlstats", $db); return $db; } ?> I quickly realized that even though nobody could read the password from the file, there was nothing preventing the other people with accounts on my web server, from including this file into one of their own php scripts, and hijacking the database. I therefore made a change, so that it would only work when called from a file in the /mtlstats directory. The file now reads as follows: <?php function database() { if(strpos($PHP_SELF, "/mtlstats/") === 0) { $db = mysql_connect("localhost", "mtlstats", /* the password */); mysql_select_db("mtlstats", $db); return $db; } return NULL; } ?> Unfortunately, I've discovered that although $PHP_SELF normally returns the name of the file being processed by the server, when called from within a function, it returns NULL for some reason. Can anyone suggest an alternative means of correcting this problem? Any assistance w...

Access Database Security
I have a client using an mde created in 1999 by someone else, for which I don't have the original source. There is a workgroup file that accompanies the mde file. I have the user and password information required by the workgroup file. In 2004 the client requested changes. Without the source, I couldn't make the change to the mde file itself, so I wrote a small mdb that attaches tables and provides a form to fulfill the client's new requirements. I created a shortcut for the new mdb that includes the workgroup info, and for 2 years everything has worked fine. Suddenly, the client is getting permission errors whenever he attempts to access his data. He can open my tool mdb, but not the tables attached to it. As it works fine when re-installed on my desktop, I figured his copy of the workgroup file had been corrupted or overwritten. I sent him a replacement, but it didn't help. Any ideas on where the permission errors might be coming from would be greatly appreciated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Permissions are kept in the .mdb/e file. The user name and passwords are kept in the .mdw file. Check the .mde file's Security settings (if you can). Also, if new queries have been created make sure they have the RWOP (Run With Owner Option) property set to yes (checked). Then make sure the proper user/groups have the proper permissions on those queries. -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oa...

Securing an Access Database.
If you secure an MSACCESS Database using a Workgroup Information File WIF and then setting up permissions removing the Admin user from the its default group, repalce it with another named user, transfer all the ownership of objects to the new user. Then run the database security wizard. If after this the mdb file is placed on a different users PC which is still using the defauult system.mdw file should they still be able to open the database with full rights and permissions ? D wrote: > If you secure an MSACCESS Database using a Workgroup Information File > WIF and then setting up permissions removing the Admin user from the > its default group, repalce it with another named user, transfer all > the ownership of objects to the new user. Then run the database > security wizard. If after this the mdb file is placed on a different > users PC which is still using the defauult system.mdw file should they > still be able to open the database with full rights and permissions ? No. If they can you missed a step. -- Rick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com Hi, David. > If after this the mdb file is placed on a different > users PC which is still using the defauult system.mdw file should they > still be able to open the database with full rights and permissions ? In many cases, yes, but only if certain vital steps were missed. To give you an idea of which steps were missed, even af...

Secure your digital information assets with Secure Auditor. Secure Windows with Secure Auditor
hey guys If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Secure your digital information assets with Secure Auditor Secure Windows with Secure Auditor
hey guys! If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Security problems in F-Secure Client Security?
Hello, as I have been testing F-Secure Policy Manager/Console (PM) and F-Secure Client Security (CS) I have found three very serious problems: In all cases the system envirionment has always been the same, Windows 2000 with latest service pack und latest fixes. A: F-Secure's Policy Manager 5.61 and Client Security 5.54 can't communicate together as CS doesn't find the management server anymore after installation :( This worked better with CS 5.50 and 5.52. B: The internet shield of CS can be bypassed, even when policy has been instructed to deny automatically and to forbid the client to use individual settings. Imagine that in a sensitive production environment, a real horror :( C: Under certain circumstances clients cannot scan for viruses anymore if the logged in user doesn't belong to the adminnistrator group. My question to you all is: Did you find same or similar problems, and if yes, did F-Secure agree that these are problems which may cause damage and whether you got any final solution from F-Secure? I have sent several notes and diags to them, well I can say support has tried to help, but there didn't come any real solution. Well, would be fine to get all your helpful feedback. Michael ...

Access Security without using the Security Wizard
Hi, I have created an access db that I would like to secure. The database will exist on a shared drive and be used at a number of different locations hence the reason to secure the database. The users of the database also use other databases therefore I want to secure this database without using the wizard so it does not effect their other databases. So far I have created a "frmLogin" used for logging into the database which gives the user access to two forms "frmNewRecord" and "frmSearch" >From the "frmSearch" the user can access "frmEditRecord". What I would like to do now is: 1. Track when a user creates a new record. I have created text box within the "frmNewRecord" named "Created_by" how can I have this populated automatically by the user who created it? 2. I'd also like to track when a user edits an existing record within "frmEditRecord". I have created a text box named "Last_Updated_by". How can I have this text box automatically updated by the user who last edited this record? 3. I would like to prevent the user's from accessing the design of the forms, tables and queries. Plus I'd like to restrict them accessing the tables & queries which support these forms. Plus the sub forms within these forms. I already have set the db up so when it opens the "frmLogin" opens up. However if they hold the shift key down they can bypass straight to tables...

Scheduling a secured access app with macro security
Environment: Acess 2003 with security via MDW file. A person would like their app to be run via the scheduler in the nighttime. This seems fairly straight forward. But there is a glitch. The people have macro security set to medium. So when the username and password are passed, the application does not immediately open but then warns the user that the app could be dangerous to open. For me, I simply set the macro security to low for my development work. However, I don't know if IT would accept or reject me doing so. This app is a main app in use at the company and should be trusted. However, they don't have Vista so there is no "trusted" zone capability. Is there any reason for the users not to have the macro security set to low? When I watch the users log in to the app, the security message is simply is another dialog box to press the button on via a mouse. The security dialog box, useful perhaps the first time entering the app, is now simply another step to enter the app. I doubt the users even look at the message in the dialog box, simply press the button to get access into the system. So, my question. If IT rejects a low security setting, how do you get beyond the macro security dialog box in a scheduling script? Would you recommend using Sendkeys to pass a right arrow/Enter in the scheduling script to execute the dialog box? Macro security is global. If one sets macro security to low, then ALL apps use that setting. If...

Security Wizard but Not Secure
Hello people. I have a database that:

* was not secured originally
* I applied the user-level security wizard to
* has the Admin user demoted to the Users group
* had the User's group with no permissions
* the Admin user doesn't own any objects

When I open this with my shortcut and new mdw file everything works as expected. When I open this with standard Access security.mdw, my database is still wide open. Any ideas what step I missed? Thanks

<drink.the.koolaid@gmail.com> wrote in message news:1147781112.258494.175040@i39g2000cwa.googlegroups.com...
> Hello people.
>
> I have a database that:
> * was not secured originally
> * I applied the user-level security wizard to
> * has the Admin user demoted to the Users group
> * had the User's group with no permissions
> * the Admin user doesn't own any objects
>
> When I open this with my shortcut and new mdw file everything works as
> expected.
> When I open this with standard Access security.mdw, my database is
> still wide open.
>
> Any ideas what step I missed?
>

Possibly more than one, it's easily done. Have you removed the "Users" group's permission to the *database* object? The problem with the wizard is that you don't learn anything about user-level security which is self-defeating IMO. Have you read the security FAQ (link on my web site)? Regards, Keith. www.keithwilby.com ...

Secure Access 2000 database
I have a database that contains complaint information in regards to Law Enforcement. They need to have this database secure and out of reach for all but two users. (including me, they say). In other words, the data they place in this table is highly sensitive and no one other than a few users must have access to it. If there are design changes, they would like to give me access to make the changes and they lock it down again. Suggestions on accomplishing this, including 3rd party tools, would be great. I have read a bit about encryption and it doesn't appear to be able to accomplish their ...

MS 2000 Secured Database
Hi. I have created a secured database which lots of my colleagues use. However when I want to make changes I can't because invariably there is somebody using it. Is there a way of either kicking everybody out or finding out who is using it, so I can go and beat them up so they get out. cheers Stephen

Stephen, Your database should be split into a front end and a back end. The back end will have just the tables, the front end will have everything else, and will be linked to the tables in the back end. Each user will have a copy of the FE on his or her computer. When you make changes, make them in another copy of the FE. There are a lot of ways to distribute new versions of the FE, but the one I've used most is to write a batch file that checks to see if the user has the newest version and if not, copies it over from the file server to their computer and then starts the database. You can see a write-up of how I do this on my website at http://www.abcdataworks.com in the developers' section. Jeremy -- Jeremy Wallace Fund for the City of New York http://metrix.fcny.org

Cheers Jeremy I will have a look at your site and have a play Stephen

Total agreement about the splitting (I use a log-in db app to check for a new version / download and log users in... not too hot with the aule batches, me), but for a more immediate solution, take a look at the lock file - this is a file placed in the directory that the database is in, with the same name as the database b...

security problem with ms-access?
hi list, since a couple of weeks we face a special "security" problem. nearly every ms-access database that is located on our net-drives cannot be opened. when clicking the document's icon, first, the warning message arises "open document - security message" - "Really open *.mdb ....?", second, when clicking "start" ms-access starts, but the mdb-file cannot be opened. message: "ms-access could not open the file ... The file is located outside the intranet or on a website that is considered to be insecure. ms-access therefore will not open the document because of possible security problems" (translation from the german dialogs - some differences to the original english dialog can be assumed) when copying the file to a local hard disk, it works again. but that's not the idea of an intra-enterprise database, is it? any ideas how to come over that ???? thanx in advance norbert ps. some of these mdb-files are replicated ... norbert

On Tue, 3 Jun 2008 04:58:00 -0700 (PDT), novak <norbert.neuwirth@oif.ac.at> wrote:

Did you deploy the applications on each workstation, per best practices? -Tom.

>hi list,
>
>since a couple of weeks we face a special "security" problem. nearly
>every ms-access database that is located on our net-drives cannot be
>opened.
>
>when clicking the document's icon, first, the warning message arises
>"open document - security message" - "...

Securing Access 2000 Database
What is the best way to secure a multi-user access database? Here is the issue. Customer is wanting to allow ALL users into the database, but they only want 2 users to be able to DELETE records. I have split the database into 2 files:

* Data File (Tables)
* Program File (Linked Tables to Data File, queries, Forms, Reports...)

User double clicks on Program File for normal use. Suggestions? I tried to implement the Security Work-group file and added the groups and got everything setup that I wanted and it worked, but then when I went to another PC to test, I was not able to login to the Database (something about Security right, I think it is trying to autologin as "admin" and it does not have that user in the Work-group file) Am I doing something wrong? Do I have the right approach? Please Advise. (First time trying to secure a database for multi-user system) thanks, Jeff

Did you place the WorkGroup file (.mdw) on the other PC? It needs to be w/ all front-ends (file w/ queries, forms & reports). -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oakland, CA (USA) ** Respond only to this newsgroup. I DO NOT respond to emails **

harris@compu-type.net wrote:
> What is the best w...

Access 2000 security issue
I hope someone can help me out set up the security properly. I have Microsoft Access 97 and Access 2000 in my computer and I developed my database with Access 2000 with the updated patch SP-3. I had no trouble to create a workgroup and successfully to run the security wizard and the group permissions. Everything seemed to work fine as expected as long as both mdb and mdw files were in the same folder. Unfortunately, the problem came up when I renamed or moved the folder and did not join the workgroup to the specific folder. There would be no more log-on prompt when I opened up the database. In other words, people would be able to make a backup copy and open it up in any computer with the default (or any) workgroup file. I checked the default user group and the permission had been completely removed (after running the security wizard). The default admin account was no longer with the admins group. I even followed Microsoft recommendation to create a new empty database and import all objects from the secured database in order to work around the security issue with the Access 97. So far, none of the measures was successful. Can anyone shed light on the issue? Thanks

I can only recommend that you download the Security FAQ from http://support.microsoft.com/kb/207793/en-us. It is many pages, and it contains no filler-material (all the content is information). Read it, study it, and repeat... then try out what you think you know on a _copy_ of ...

MS Access Application security
Hi, I have read about the user level security in MS access. But I would like to find out how it is possible to secure a database application. I have a leave (or vacation) record system. My data is in DB1.MDB and the rest of the objects reside in DB2.MDB. I would like to use WinXP login ID to determine the user and use this to make sure the staff is allowed to update / request his own record and not others. I am able to determine the user ID in the VBScript. But I do not know how I can enforce it. The only purpose is to retain WinXP userid and to give user specific privilege to update the DB only. My purpose is primarily to avoid creating another set of pwd for the users to remember. For some advice please. Thank you. Boon Yiang

<chuaby@hotmail.com> wrote in message news:1163054555.876620.143560@h54g2000cwb.googlegroups.com...
> Hi
>
> I have read about the user level security in MS access. But I would
> like to find out how it is possible to secure a database application. I
> have a leave (or vacation) record system.
>
> My data is in DB1.MDB and the rest of the objects reside in DB2.MDB. I
> would like to use WinXP login ID to determine the user and use this to
> make sure the staff is allowed to update / request his own record and
> not others. I am able to determine the user ID in the VBScript. But I
> do not know how I can enforce it. The only purpose is to retain WinXP
> userid and to give user specific privilege to update th...

MS Access Security FAQ
On Page 3: "1. What are the steps to secure a database? [...] You may elect not to use the Security Wizard and to secure the database manually by following these steps. [Steps 1 thru 6] 7. Open the database that you want to secure and run the Security Wizard." Why would the steps to NOT use the Security Wizard include a step to USE the Security Wizard? Any help appreciated. -- croy ...
