views:

46

answers:

3

I’ve been working on a few small scale Access projects that have turned large scale rather quickly. The original designer implemented next to zero security and everyone can just walk in with a simple shift enter, way beyond just a security hole for nuclear submarines to dive through and that has always drove me bonkers.

With that said, users are currently on Office 2000, migrating slowly into 2003. I have taken this opportunity to convince higher parties to implement said security through the use of built in access tools.

Next I get to go through hundreds of functions and forms to pop in option explicit to define all the data types restricting the compile to MDE and clean up memory that was not done for some reason. There are some sensitive connection strings in the code that are plain as day that need to be compiled to reduce the risk factor.

My questions involve both the upgrade to 2003+ and the built in security. And yes, this is what I'm stuck with using unless I really want to redo everything in Visual FoxPro but building a porsche with rocks... not my idea of a good time.

  • When moving into office 2007, are there any major holes that I should be working around ahead of time? Within the next year and a half the whole business is supposedly upgrading to this and I’ve only heard horror stories about changed/obsolete functions

  • Are there any major bugs that can/will happen because of the use of the workgroup file and permissions? Tricks I should know ahead of time if something crazy happens to lock everyone out of it?

  • In the sandbox, I have not implemented the Encryption feature. Pros/Cons, Risks?

Any other good tips? I realize the broadness of this question and have a few good books on hand here (Professional Access 2000 Programming, Access Developers 2002, Developing Solutions with Office 2000 Components and VBA) but obviously these are before the time of current Access and Jet technology. If anything, a good book recommendation would be a booster for me, anything to give me a head start. Right now I really need to devour this security issue, its beyond just out of hand considering the sensitivity of the information at hand.

Thanks for reading my dreaded wall of text o.O

+1  A: 

User level security does not exist for Access 2007 files (http://office.microsoft.com/en-us/access/HA101662271033.aspx). If the data is very sensitive, you may wish to consider a different back-end.

Remou
Ouch. I'm assuming I would have to keep the file in the 2000/2003 format to use this level of security based on the reading. What capabilities of 2007 would I not have access to using these older formats on a newer version?
Mohgeroth
You may find some useful notes here: http://allenbrowne.com/Access2007.html
Remou
The comment is WRONG. The new ACCDB format doesn't support it, but MDB is a native A2007 format, and most experienced Access developers who don't need Sharepoint integration stick with MDBs. The only new features in ACCDB are a handful of new data types that were introduced for Sharepoint compatibility. One or two of them might actually be useful outside that context.
David-W-Fenton
A: 

I would wait until A2010 is out before making any determination about upgrades beyond A2003. A2003 is fine for now, seems to me. I certainly wouldn't want to wade into targetting development to A2007 with A2010 coming out so soon and having so many really great new features (table-level data macros, really useful additions to Sharepoint integration that make a lot of really huge things possible, to name just two). My plan is to skip A2007 with clients (though I have it installed now and am playing with it so that I'll be better prepared when 2010 comes out).

One thing that doesn't often get mentioned about A2007 is that the Office FileSearch object was removed in Office 2007. If your app uses it, you can use my File Search class module to replace it. I've had it in production use since June (when I created it), but just released it more widely and am currently troubleshooting some issues that seem to be related to file names with odd characters.

David-W-Fenton
+1  A: 

If the data is truly that sensitive it shouldn't be stored in an Access database file. Anyone can copy the entire data MDB/ACCDB and take it home with them to analyze at their leisure. Instead the data should be upsized to a database engine such as SQL Server.

Keep the current Access queries, forms and reports but get the data into a format that isn't so easy to steal.

Then think about limiting their views, logging the queries they run and such.

Tony Toews