Results 1 to 9 of 9
  1. #1
    darklich is offline Novice
    Windows 10 Access 2003
    Join Date
    Oct 2018
    Posts
    5

    Any recommendations on how to password protect a DB on a network?

    Basically I am concerned that if someone remotes into my network with the correct privileges that they can then ransomware or straight up steal valuable company data. Does anyone have experience with any third party programs that can slap a password on my.MDB? We had a scare recently where someone was able to get local admin access, but thankfully were not able to access the network where the DB is stored. I'm just trying to be proactive here. Thank you.

  2. #2
    isladogs's Avatar
    isladogs is offline MVP / VIP
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,954
    Why can't you use the built in 'security' to password protect / encrypt the MDB file directly from Access?
    MDB files are not very secure but its better than nothing.
    However if you are worried about security, you should be using ACCDB/ACCDE files instead or putting the backend data in SQL Server.

    For more information, see these articles:
    http://www.mendipdatasystems.co.uk/c...ity/4594431226
    https://www.everythingaccess.com/tut...under-the-hood
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer

  3. #3
    darklich is offline Novice
    Windows 10 Access 2003
    Join Date
    Oct 2018
    Posts
    5
    Thank you for the reply. I guess this may not be the best place to ask this. It is more of a networking issue i suppose. I was hoping that there was a 3rd party program that would do a kind of two step authentication before accessing the DB.

    As for SQL Server, me and others have been begging them to do this for years. Thank you.

  4. #4
    isladogs's Avatar
    isladogs is offline MVP / VIP
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,954
    I am concerned that if someone remotes into my network with the correct privileges that they can then ransomware or straight up steal valuable company data.
    Reading this again, I may have misunderstood what you meant.
    I'd still start by making it as secure as possible onsite - split db with ACCDE front end with user login, no nav pane, no ribbon & various locked down options + ACCDB (or SQL) backend with password encryption.

    You can't prevent users with access to the FE from copying the FE file BUT don't give users permissions to open the BE folder & they can't copy the BE
    You can stop the FE being run offsite by tying the app to a particular machine
    To do so, you check items like the hard drive number, CPU ID & motherboard ID - basically its an activation process.
    If the values don't tally, users won't be able to run the app

    I've done this successfully on a couple of my commercial apps but doing all the above is a lot of work to setup and thoroughly test.

    Good luck
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer

  5. #5
    darklich is offline Novice
    Windows 10 Access 2003
    Join Date
    Oct 2018
    Posts
    5
    Quote Originally Posted by ridders52 View Post
    You can't prevent users with access to the FE from copying the FE file BUT don't give users permissions to open the BE folder & they can't copy the BE
    That is definitely my biggest obstacle. It is hard to wrap my head around on how I can limit user access to the BE folder but allow the users with a FE to access it. My thought was to use some kind of network folder password. I don't know if access would play nice with some kind of network password. Thank you for the reply.

  6. #6
    Micron is online now Virtually Inert Person
    Windows 10 Access 2016
    Join Date
    Jun 2014
    Location
    Ontario, Canada
    Posts
    12,737
    how I can limit user access to the BE folder but allow the users with a FE to access it
    Can't folder access be controlled via network groups and permissions? Surely you have that situation now so that not everyone in the entire organization can open every folder on a drive? IMHO, you have to evaluate the level of protection needed against the known threat. Colin is quite good on the subject, but as he says, it's a lot of work. Note that you can password protect a be and pass that value in its opening code, which can't be viewed if it's an accde. However, it's not bullet proof. Send me an fe and be and I'll tell you what the password is, but that's because I know where to find it. If all you need to do is keep out the usual user, it might be good enough - but don't forget what it is.

    If your concern is that someone with permissions on a folder could copy the be and fe and maybe know how to find the password, then associating the be to a particular server (or at least network path) may be the way to go. I would think someone would have to know what the db contains to want to go to the trouble of recreating that path, starting with changing their drive's volume name.
    The more we hear silence, the more we begin to think about our value in this universe.
    Paraphrase of Professor Brian Cox.

  7. #7
    darklich is offline Novice
    Windows 10 Access 2003
    Join Date
    Oct 2018
    Posts
    5
    I'm starting to think that total security is impossible when remotes are allowed. Especially if they are not IP white listed. What a shame.

  8. #8
    isladogs's Avatar
    isladogs is offline MVP / VIP
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,954
    There is no such thing as total security on any computer system.
    Access can be made very secure and SQL Server has high level security features.
    However a knowledgeable hacker can break into any computer system, no matter how secure, given sufficient time and determination.
    What you can do is make their job as difficult as possible.
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer

  9. #9
    darklich is offline Novice
    Windows 10 Access 2003
    Join Date
    Oct 2018
    Posts
    5
    We've decided to disable all remote access. It seems to be the only prudent course of action. I thank you for the responses. Very helpful.

Please reply to this thread with any new information or opinions.

Similar Threads

  1. Password protect a design
    By Skydiver16 in forum Database Design
    Replies: 2
    Last Post: 08-06-2016, 04:08 AM
  2. Password Protect Field
    By KMan in forum Access
    Replies: 1
    Last Post: 06-20-2016, 07:56 AM
  3. Replies: 4
    Last Post: 11-28-2014, 01:43 AM
  4. password protect form
    By nkuebelbeck in forum Forms
    Replies: 2
    Last Post: 01-15-2012, 01:02 PM
  5. Password Protect Forms
    By Robert M in forum Programming
    Replies: 3
    Last Post: 01-15-2010, 01:50 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Other Forums: Microsoft Office Forums