Summary

In most business environments, it is good practice — even essential — to institute some level of security for an Access database application. There are several factors that help determine what is appropriate for the situation, but typically the result is a combination of methods that will provide the most cost-effective solution for the business needs. Simply implementing Access security alone is not always sufficient. Environmental factors play a large part in the security puzzle. Adding firewalls, network security, and strong business rules must complement the security features that Access can provide.

This chapter reviewed the three major security features available in the ACCDB file format. Shared-level security password protects and encrypts the database so that the raw data contained in the file is protected from intruders. Locking the VBA project enables you to distribute the code with the database while not allowing unauthorized users to view or make changes to it. Compiling the database to an ACCDE file enables you to remove all source code from the database and prevent any modification to the code in the database solution. Used separately or in combination, these features enable you to provide a robust security model for ACCDB database solutions.

This chapter also discussed the security features available for MDB file format databases. MDB supports applying a password to the database to implement shared-level security. Creating an MDE database file compiles and removes the source code from the database, preventing users from making changes to the database solution code. Encoding the database prevents (or at least seriously challenges) unauthorized users from viewing or manipulating the physical data stored in the MDB file. Implementing user-level security can help enforce business rules and regulate which actions users and groups can perform for any given database object independently. Although user-level security can be complicated and costly to set up and to maintain, it is typically worth the effort in a controlled business environment where many users have access to a particular database file. But remember, there are products that can overcome userlevel security, so it is important to be aware that anyone in possession of the secured database may be able to retrieve the data it houses. In many cases, with the proper network security, a user could open, copy, or even delete the database.

There are also several options for working with security. Many developers may want to use a combination of the User-Level Security Wizard and code. The wizard is excellent for establishing users and groups for user-level security. However, many developers may want to use code to make changes after the initial permissions have been set. And it's certainly handy to use code to generate custom documentation about user-level security. Either way, you are sure to find that Access provides powerful solutions for developing secure applications.

The Access help files, knowledge base articles, and MSDN all provide useful instructions and guidance about various aspects of Access security and how to secure data and code. Chapter 22 covers more information about macro security how Access enhances protection for machines from malicious database attacks that use code in database files.

0 0

Post a comment