Locking down Access database

[Ace71425]

Hello. I am looking for a way to completely lock down my Access database like full force. Here is what i've accomplished so far...I have an access database split with front and back end and vba code that hides the access window so the forms all run modeless as if it were its own separate program. Everything works great. So, i've locked the backend and relinked the tables so the tables can be accessed from the front end forms but the backend cant be accessed or imported without the password. I've also locked down all the vba code and the shortcut menu on the forms and super error trapped so nobody can access the code or "trick" the form into letting them into the backend or frontend forms, queries, and tables. So basically I'm done right? But wait....If somebody sets their access security to disallow macros and opens the front end then it wont hide the access window and they can access all the forms and queries and tables. I tried encrypting the front end but then it prompts the user for password when they open it which I can't have...I can't have a coded exe open the front end with the password because the same problem ensues and I also cant just hide the objects menu and toolbar because let's be honest anyone with half a brain can bypass that. So any ideas on how to lock the front end if a user doesnt allow macros?

 

[Micron]

I've never had to worry about it to the degree you're after since all a user can do with an mde or accde is view query and table design but not forms, reports or modules. The basic problem is that Access, with the highest degree of protection you can employ, is less secure than the least protected true executable. So this is just an idea I thought of: have the application display a timer form (options-current database) whose load event calls the timer event. On the timer event, test for the existence of your main form, which would be opened by an auto exec macro. If it's there, just close the form; if not there, set the interval to x seconds. You have x seconds to open the main form manually, or take some other action (like maybe a double click event on the timer form that causes it to close). Otherwise, call application.quit after x seconds. This is all just untested, and assumes you have disabled the shift bypass and that no one is smart enough to know how to over-ride that from another db. There is something called the ddl property of the shift bypass code that when set, supposedly disarms the abiltity to perform the over-ride, but my limited research on the topic suggests it only works in conjuction with an mdw file. Perhaps you can find out more about that in your research; my needs were not great enough that I was able to devote enough time to the subject. If you come up with a solution, I'd sure hope you post it here.

 

[Ace71425]

Thanks for the idea I'll look into it. I do know how to disable the shift bypass so from that and my post I would actually say the database is pretty infallible other than the front end not being completely locked down if someone doesn't enable macros...although I know you can do all this crazy stuff like convert the file to hex code and actually find or bypass the password but ya know like you said an access database can never be truly locked down like an exe

 

[Ace71425]

If you're interested here's what I ended up doing...As I already stated my database hides the access window and all the forms are modeless. You lock the backend and relink the tables so the front end can access it without the password. Then you lock the front end and all the vba and change the accdb extension to a runtime accdr. Then you make an EXE that opens the accdr with the password for the user. So now it bottlenecks opening the database through the exe and somebody could try to change the extension back to accdb and shift in but it would require the password. This also prevents any importing of the tables or forms through a blank database. So as far as I can tell this is pretty much a ironclad lockdown on the database despite so many people online saying how its not possible. Now someone could probably still hack in somehow someway but they would have to work for it.

 

[Micron]

Just back from vacation, thus the late response. Thanks for posting your solution. Without investigating further, I do believe it's possible to expose the password used to link to the back end tables by retrieving it from the (MySys?) table. Not sure how that would affect your protection efforts, given the depth you have gone to. As you say, one would have to work for it. Hope it works as you expect.