Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.6k views
in Technique[技术] by (71.8m points)

vba - Prevent enabling of shift bypass - Access 2010

I am trying to prevent database users from being able to view the linked tables in the navigation pane of an Access 2010 database. I have hidden the pane and disabled the F11 key.

I am aware that you can disable the functionality of the SHIFT key that permits you to bypass the access start-up options as per this article.

My question is whether it is possible to prevent a user from re-enabling the shift key either from within the database itself or remotely via another database. If this is not possible does anyone know of the next best method I can use to prevent users viewing the tables in the navigation pane (I know access isn't the most secure database but it's all we have in the office atm)

Thanks

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

My approach to security in Access is the following:

Encrypt the main database using a complex password.

Use a second database to log in to this encrypted database. The second database stores usernames, user salts, and an encrypted version of the main database password with the user password. This way, no user needs to have the main password.

Then, compile the second database, so it's harder to modify the database and print the main encryption key.

Weaknesses:

  1. Revoking access to a certain user only works if he doesn't have a backup of the login database (or you have to change the encryption key on the main database, forcing you to recreate accounts for every user).
  2. The encryption I'm using is RC4 (implementation in VB by wqw found as an answer here), which isn't that strong
  3. A tech savvy user that has a valid password could decompile the database and use it to acquire the main database password
  4. If you're not signing your databases and enforcing all databases to be signed, someone might modify or replace it to weaken security

To go through all the details is too much, so here is my implementation.

File metadata: size: 672 KB, SHA1 hash: 19A6C756B8D5B0CDCEBE505B289062A1BBD94DEC

Quick manual: on first run it prompts main database password, location, first user name and password. After that, you can just use the forms to do anything you want.

Note that it's earlier work, and I haven't deeply thought about SQL injection (I use doublequote escaping and am ashamed for it). However, this isn't a security risk for the main database, it only opens up a possibility for a destructive hack (and someone with write access to the database file can probably destroy it anyway).

It's not compiled and menus aren't hidden, so you can easily inspect and modify it. When implementing it, hide all menus and compile it.

The database, as all SO content, is licensed CC BY SA 3.0


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...