Access 2000 database security
I am developing a Windows application with a database in Access 2000. Since I have always been in development, I have little knowledge about securing databases. And now it's time for me to learn it, and I am having difficulty.
The database is located at a common shared location on our network server. I would like to know how to secure the database so that no one can open it from that location, while the data can still be read and written through the Windows application.
If you want data security, then you should use something other than Jet/ACE as your data store.
The last sentence of your question is quite unclear, but it sounds contradictory. To be able to edit a Jet/ACE database, the user has to have full CHANGE permission on the database in the file system. There is no way around this.
Certainly if you use MDB format, you can use Jet User-Level Security, but that's been cracked long ago and it takes about 10 minutes to Google and purchase what you need to crack it. It's also fussy and difficult to do correctly (many people go through the motions of securing their database with Jet ULS and end up accomplishing nothing but making things more complicated, while leaving it wide open).
Database passwords are security theater, even though in ACCDB format from A2007 the encryption is much stronger (and no longer easily crackable). But you then have to encode the password in your front-end application, and unless you know what you're doing, that is an open invitation for browsing with a hex editor to find the password.
If you need security, upsize to a server database back end that provides real data security.
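A release check for the point in the answer above about passwords embedded in the front end, added here as an example and not part of the original answer: it scans a build artifact you own for Jet connection-string passwords stored as ASCII or as UTF-16LE. The function names, sample bytes and sample passwords are constructed for illustration.

```python
import re

# Connection-string keys that carry a Jet/ACE database password:
# the OLE DB provider property and the ODBC keyword.
KEYS = ("Jet OLEDB:Database Password", "PWD")


def _pattern(wide):
    """Byte regex for key=value, as ASCII or as UTF-16LE (how .NET stores literals)."""
    enc = "utf-16-le" if wide else "ascii"
    z = b"\\x00" if wide else b""  # high byte that follows each UTF-16LE character
    keys = b"|".join(re.escape(k.encode(enc)) for k in KEYS)
    ws = b"(?:[ \\t]" + z + b")*"
    value = b"((?:[^;\"'\\x00-\\x1f\\x7f-\\xff]" + z + b"){1,64})"
    return re.compile(b"(?:" + keys + b")" + ws + b"=" + z + ws + value, re.IGNORECASE)


def find_embedded_passwords(blob):
    """Return sorted (offset, encoding, value_length) tuples for each hit.

    Only the length is reported so the secret itself never lands in build logs.
    """
    hits = []
    for wide in (False, True):
        enc = "utf-16-le" if wide else "ascii"
        for m in _pattern(wide).finditer(blob):
            hits.append((m.start(), enc, len(m.group(1).decode(enc))))
    return sorted(hits)


# Constructed sample: a fake executable image holding one wide and one narrow string.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + ("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=app.mdb;"
       "Jet OLEDB:Database Password=Example123;").encode("utf-16-le")
    + b"\xff\xfe\x01"
    + b"DSN=demo;PWD=hunter2;"
)

if __name__ == "__main__":
    for offset, enc, length in find_embedded_passwords(SAMPLE):
        print(f"offset {offset:#x}: {enc} password literal, {length} characters")
```

Any hit means the password ships in clear text inside the binary and the build should fail until it is moved out of the code.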
What I have done in the past with Access 2000 is create a front end database and a back end database. The back end would contain just the raw data. The front end would contain the forms, reports, etc.
On the back end I would create a form that is used to disable and enable the shift key bypass. The form has an 'Enable Bipass' and a 'Disable Bipass' button. It also has a text box to enter a password. To use it, you type the password and hit either button. Then set the database so that the form is specified under start up. As long as the shift key is disabled, they cannot get into the database and modify data directly.
On the front end I apply the same functionality to stop them from getting into the database and editing the data in the linked tables. I also use Jet security on the front end to manage what they have access to.
It sounds like you just need to set some ACLs on it so that only one Windows account can access it, then impersonate that account using your Windows application.
You could put a password on the database so that nobody can open it without knowing the password. Your application has to pass the password when doing the database connection, but that's pretty standard.
The drawback is that password protection on Access databases isn't really strong, so that any technically talented person with some criminal intent could break it.