Real World Microsoft Access Database Protection and Security
What is it that We Should be Concerned About?
Microsoft Access has a number of flaws that have made parts of its security defenses easy to breach. Before proceeding with those discussions, here are some of the positive things that you can do to make sure that you can minimize the effect of those flaws:
-
You can use workgroup security to stop people from importing objects from your database into a blank database.
-
If you are using database encryption, make sure that you are using it in tandem with workgroup security, or you will find that the encryption is virtually useless.
-
You can use database encryption in tandem with email attachment size limits to stop users from emailing large databases.
-
You can open a password-protected database by using automation in Access 2002 or later.
Now I will summarize how these technologies and the security issues that surround them are relevant to the IT manager, the DBA, and the developer.
Overview for the IT Manager
If you are an IT manager and your developer has told you that he has secured your database, you naturally would want to believe him. Unfortunately, you should be concerned with some significant issues, including the following:
-
If your database relies on database passwords or workgroup files where the developer and the users share the same workgroup file, then password retrieval software negates the effectiveness of that security.
-
If the security of your database relies on the users being sheltered from the objects and data by a specially designed user interface, then you must protect the database from the Access Import menu command.
Conversely, IT managers can rest a little bit easier because the flip side of the password retrieval software is that it will allow you to recover database, workgroup, and VBA Project passwords if the people that add that sort of protection go walkabout.
Overview for the DBA and the Developer
DBAs and developers need to be concerned with all the issues relevant to the IT manager, as listed previously. You also need to check whether your database is encrypted without cause, which will affect both the performance of your database and the compaction of the database into archives. You may also want to have your users log on to a password-protected database through automation so as not to disclose the database password or the location of the database.
Developers should be aware that the VBA Project password is also susceptible to password retrieval software, but in my opinion, this protection is worth persevering with if you are delivering your software in MDB format and you need protection rather than the security offered by the MDE format (discussed in Chapter 11).