Security for the ACCDB File Format

One of the new features of Microsoft Office Access 2007 is a new file format: ACCDB. The security features available for it differ in a number of ways from those provided for the MDB file formats. This section discusses the security available for ACCDB files.

The five different forms of database security for the ACCDB file format are as follows:

□ Shared-Level Security: There is one simple form of shared-level security provided by the Access Connectivity Engine for ACCDB: Encrypt Database with Password. Access 2007 uses a password in combination with the RC4 encryption standard to encrypt the contents of a database file. When this security is enabled, the user is required to enter the password before he can open the database and read the contents. In addition, the data in the database is encrypted so that opening a file with a text editor does not reveal the raw data contained in the database. This type of security works well in small workgroups where it isn't necessary to know who opened the database or to restrict users from altering any objects in the database. This feature is new to Access; it replaces both database passwords and database encoding, effectively combining them into one package.

□ Compiled Database Code: Compiling the VBA code project for the database application produces an Access Compiled Database (ACCDE) file. When a database is compiled, the code is compiled to a binary format, removing the readable code from the database file, which means that forms, reports, and modules cannot be modified or exported to another database. This method can be used to protect intellectual property rights, as well as to prevent users from modifying the code in the VBA project in the database. The compiled database security method is commonly used when you want to block users from changing the application's code.

□ VBA Project Passwords: Placing a password on the VBA project can prevent unauthorized users from opening or modifying the code in the database, while still enabling you to distribute the complete code in the application, allowing authorized personnel to make changes to the code. This protection method includes modules, classes, and code behind forms and reports. Be aware that a VBA password in no way secures or abstracts the data in the database, nor does it deter users from interacting with application data in any way. It only protects the VBA code and the code project in the database.

□ Package Database as Signed Cab: The Package as Signed Cab file feature allows users to create a signed database package file for the purpose of securely transferring the database to another user. Through the digital signature, the receiver of the database package can be assured that the database is authentic and has not been tampered with. This can be used only as a means to verify the database file after it has been transferred. Because it isn't a security feature for use when the database is loaded, it is fully described in Chapter 22.

□ Disabled Mode: When Access is open in disabled mode, all code and unsafe macros in a database are disabled by default and cannot be run until the database is trusted by the user in one of two ways:

    □ Users can trust the database and enable code in any given non-trusted database on an individual basis by enabling the database from the Options button on the message bar.

    □ A user can flag directories as trusted locations on the machine and, in that case, any database in a flagged directory is enabled by default with full code and macro execution.

This feature is new to Access and replaces macro security from Access 2003. It is also fully discussed in Chapter 22.

In some cases, more than one security method may be applied to a database at the same time to enhance database security. The first three of these security features are discussed in this chapter (the last two are covered in Chapter 22). The Access 2007 security features enable you to provide a fairly robust security model for your database solution. Altogether, these features substantially improve database and application security for both you and the user.

If you are familiar with previous versions of Access security, you may have noticed that one of the major security features in the MDB file format is missing. User-level security has been deprecated and is not available for the ACCDB file format. Fortunately, it's still supported for MDB file formats using Access 2007. User-level security is explored later in this chapter.
