RE: FN-FORUM Access 2000 Quickun

date posted 1st October 2002 18:27

Hi Dave,

Been considering using an encrypted access db with user level access
to store credit card numbers.

Plan was...
1. Insert Query, to add new records
2. Secure page for web users to insert
3. User with permission to run the query (like a stored proc) but not
read the data
4. Admin user with permission to read the data
5. Password protected secure page for reading the data

this way, the only password on the server would be the update user, so
as long as access was crack proof (?) all would be safe.

However, Access won't allow a user to insert without access to reading
the data, so, well, open to suggestions.

Anyway thanks to Kathy and yourself, Ant.

-----Original Message-----
From: [EMAIL REMOVED]
[EMAIL REMOVED] Behalf Of David Nye
Sent: 01 October 2002 17:08
To: [EMAIL REMOVED]
Subject: RE: FN-FORUM Access 2000 Quickun


You need to define "secure" for me to answer that properly.

User level security is quite hard to implement properly; the Access 97
wizard did not seem to do the job properly when I tried it, so I have
been doing it myself ever since. In fact the Access 97 documentation,
third party books, and M$ white papers did not seem to quite tie up with
reality either, but I have not checked more recent docs. I have not yet
seen an application produced by someone else which does implement the
system properly, so the few supposedly secured third party apps I have
worked on have been very easy to "break" into.

All the non-trivial Access apps I develop include some form of user
level security setup, even if just to protect the design from fiddling
users. I am not aware of it having failed yet. But the removal of VBA
code from the user level scheme in Access 2000 up is a real pain in the
butt. I hope they reverse that change soon!

David Nye
http://dnye.co.uk
Business Systems, Database & Internet Applications Design & Development.
Microsoft SQL Server, Access, ASP & VB Programming.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.385 / Virus Database: 217 - Release Date: 04/09/2002



============================================================
= Advanced web hosting solutions from Saffas. =
= Unix, PHP, mySQL, SSL, Perl, Control Panel, 24/7 access. =
= Why pay more for less? http://www.saffas.com =
============================================================

Sponsor the forum for as little as £1 at:

http://www.freelancers.net/cgi/sponsor.cgi?action=show


Advertise with Freelancers.net +Additions+

http://www.freelancers.net/advert.php


Freelancers and Freelance Jobs:
http://www.freelancers.net

Forum FAQs:
http://freelancers.netrickery.com

To unsubscribe please email:
[EMAIL REMOVED]

If you have difficulties unsubscribing please email:
[EMAIL REMOVED]