|
Home > Archive > MS Access Multiuser > January 2006 > multi user and security/mdw help!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
multi user and security/mdw help!
|
|
|
| I'm currently setting up a multiuser app, and will be splitting into
fe/be. I will be deploying the f/e as an mde runtime version
Do I need to add the users to the system.mdw and/or setup the security
file?
My main concern is that everyone will be logged into Jet as Admin, if
I don't.
I hadn't really wanted to get involved with the security settings, but
now wonder if this would cause problems down the road, with many users
all logged in as Admin.
Any thoughts on this greatly appreciated.
Andy
| |
| Sylvain Lafontaine 2005-12-18, 1:24 pm |
| http://support.microsoft.com/?id=207793
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: http://cerbermail.com/?QugbLEWINF
"andy" <andy@andynot.com> wrote in message
news:CfKdnZnOdtaSNzj
eRVn-iA@rogers.com...
> I'm currently setting up a multiuser app, and will be splitting into
> fe/be. I will be deploying the f/e as an mde runtime version
> Do I need to add the users to the system.mdw and/or setup the security
> file?
> My main concern is that everyone will be logged into Jet as Admin, if
> I don't.
> I hadn't really wanted to get involved with the security settings, but
> now wonder if this would cause problems down the road, with many users
> all logged in as Admin.
> Any thoughts on this greatly appreciated.
> Andy
| |
|
| "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam
please)> wrote in news:OhoxRIABGHA.4036@TK2MSFTNGP10.phx.gbl:
> http://support.microsoft.com/?id=207793
Already looked at that, Sylvain, but didn't notice any warnings about
everyone using admin. Although section 2 paragraph "Setting a
password" does allude to this, it has no "downside" or warning about
doing this.
Did you have a specific topic I should look at?
Andy
| |
| Rick Brandt 2005-12-18, 1:24 pm |
| andy wrote:
> I'm currently setting up a multiuser app, and will be splitting into
> fe/be. I will be deploying the f/e as an mde runtime version
> Do I need to add the users to the system.mdw and/or setup the security
> file?
> My main concern is that everyone will be logged into Jet as Admin, if
> I don't.
> I hadn't really wanted to get involved with the security settings, but
> now wonder if this would cause problems down the road, with many users
> all logged in as Admin.
> Any thoughts on this greatly appreciated.
> Andy
There is no problem per se with everyone logging in as Admin. The reason to use
security is when you want to impose limits on what users can do. If that is not
a concern then setting up security would be a waste of time and effort.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
| |
|
| "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
news:stipf.45856$D13.17454@newssvr11.news.prodigy.com:
> andy wrote:
into[color=darkred]
if[color=darkred]
many[color=darkred]
>
> There is no problem per se with everyone logging in as Admin. The
> reason to use security is when you want to impose limits on what
users
> can do. If that is not a concern then setting up security would be
a
> waste of time and effort.
>
I think restricting the users making changes is covered by the fact
that they're using a runtime mde, so if that's the only issue, I
guess I don't need to setup the security file? I just found in the
past this can be a real pain, especially when I add forms or other
elements to the program, then have to go back to the mdw, etc. Thanks
for your help.
Andy
| |
| Douglas J. Steele 2005-12-18, 8:26 pm |
| "andy" <andy@andynot.com> wrote in message
news:muGdne4i1cwbJTj
enZ2dnUVZ_t-dnZ2d@rogers.com...
> "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
> news:stipf.45856$D13.17454@newssvr11.news.prodigy.com:
>
> users
> a
>
> I think restricting the users making changes is covered by the fact
> that they're using a runtime mde
Unless you've set proper security on the back-end, they'll be able to create
any front-end they want, link it to your back-end and make any changes they
want.
--
Doug Steele, Microsoft Access MVP
http://I.Am/DougSteele
(no e-mails, please!)
| |
| Rick Brandt 2005-12-18, 8:26 pm |
| andy wrote:
> I think restricting the users making changes is covered by the fact
> that they're using a runtime mde, so if that's the only issue, I
> guess I don't need to setup the security file? [snip]
If you are only concerned about them making design changes to objects then yes
an MDE takes care of that. An MDE does nothing to restrict what they can do
with the DATA though.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
| |
|
| "Douglas J. Steele" < NOSPAM_djsteele@NOSP
AM_canada.com> wrote in
news:eDzY#3ABGHA.208@tk2msftngp13.phx.gbl:
> "andy" <andy@andynot.com> wrote in message
> news:muGdne4i1cwbJTj
enZ2dnUVZ_t-dnZ2d@rogers.com...
be[color=darkred]
>
> Unless you've set proper security on the back-end, they'll be able
to
> create any front-end they want, link it to your back-end and make
any
> changes they want.
>
I guess I should add that it is running (still testing, though) on a
win2k terminal services computer, and that's locked down so the app
opens after login, and that's all they can use - except to logout.
Even
if they close the app it logs them out. Am I missing anything with
this, Doug, or does your warning still hold true, even in this
environment?
I have another multiuser running over a lan, and did do the
security/mdw
setup, and works fine, but didn't think I'd need it for this app,
because of the nature of the user's access. But then started thinking
about corruption/locking.
I'm mostly concerned with any wierd locking or corruption issues that
might result because of so many "Admin" users - possibly 5 - 6 logged
in
concurrently (aside from handling the record locking from inside
access).
Any other issues I might be overlooking? It's acc97 sp2, and latest
jet
sp.
I appreciate your help.
Andy
| |
|
| "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
news:Fzjpf.36670$q%.430@newssvr12.news.prodigy.com:
> andy wrote:
>
> If you are only concerned about them making design changes to objects
> then yes an MDE takes care of that. An MDE does nothing to restrict
> what they can do with the DATA though.
>
What do you mean "do with the DATA", Rick?
They don't have an interface to modify queries, except predefined ones,
and parameters are set by list/combo boxes.
| |
| Sylvain Lafontaine 2005-12-18, 8:26 pm |
| I don't want to be rude but I don't understand why you didn't state that
from the beginning instead of sending us on a wild goose chase.
The security features of Access are pretty limited (with or without a MDW)
and the fact that all users will use Admin don't change anything about
potential locking and corruption problems. The use of TS will greatly
reduce the risk of corruption rising from potential weakness issues on the
LAN but still these risks won't go down to zero.
For the security of the backend data, the use of a MDE file will not forbid
the possibility of an user make a direct connection to the backend
file/tables using another MDB file; so you still must use an MDW file if you
want to protect your data (and even then, many peoples will tell you that
even this combination is not so secure).
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: http://cerbermail.com/?QugbLEWINF
"andy" <andy@andynot.com> wrote in message
news:_ZudnWeZh86rVTj
enZ2dnUVZ_vudnZ2d@ro
gers.com...
> "Douglas J. Steele" < NOSPAM_djsteele@NOSP
AM_canada.com> wrote in
> news:eDzY#3ABGHA.208@tk2msftngp13.phx.gbl:
>
> be
> to
> any
> I guess I should add that it is running (still testing, though) on a
> win2k terminal services computer, and that's locked down so the app
> opens after login, and that's all they can use - except to logout.
> Even
> if they close the app it logs them out. Am I missing anything with
> this, Doug, or does your warning still hold true, even in this
> environment?
>
> I have another multiuser running over a lan, and did do the
> security/mdw
> setup, and works fine, but didn't think I'd need it for this app,
> because of the nature of the user's access. But then started thinking
> about corruption/locking.
>
> I'm mostly concerned with any wierd locking or corruption issues that
> might result because of so many "Admin" users - possibly 5 - 6 logged
> in
> concurrently (aside from handling the record locking from inside
> access).
>
> Any other issues I might be overlooking? It's acc97 sp2, and latest
> jet
> sp.
>
> I appreciate your help.
> Andy
>
>
>
>
| |
|
| "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>
wrote in news:#TgajaDBGHA.2568@TK2MSFTNGP10.phx.gbl:
> I don't want to be rude but I don't understand why you didn't state
> that from the beginning instead of sending us on a wild goose chase.
>
> The security features of Access are pretty limited (with or without a
> MDW) and the fact that all users will use Admin don't change anything
> about potential locking and corruption problems. The use of TS will
> greatly reduce the risk of corruption rising from potential weakness
> issues on the LAN but still these risks won't go down to zero.
>
> For the security of the backend data, the use of a MDE file will not
> forbid the possibility of an user make a direct connection to the
> backend file/tables using another MDB file; so you still must use an
> MDW file if you want to protect your data (and even then, many peoples
> will tell you that even this combination is not so secure).
>
Gee, I hope I didn't put anyone to a lot of trouble, as sending people on a Wild Goose Chase wasn't my intention.
I guess I could have made my reason more clear, but since Rick answered very succinctly:
"There is no problem per se with everyone logging in as Admin. The reason to use
security is when you want to impose limits on what users can do. If that is not
a concern then setting up security would be a waste of time and effort."
I thought I was coming across pretty clearly. My mistake, and again, I hope I didn't put anyone out, as Sylvain suggested.
Andy
| |
| Rick Brandt 2005-12-18, 8:26 pm |
| andy wrote:
> Gee, I hope I didn't put anyone to a lot of trouble, as sending
> people on a Wild Goose Chase wasn't my intention.
> I guess I could have made my reason more clear, but since Rick
> answered very succinctly:
>
> "There is no problem per se with everyone logging in as Admin. The
> reason to use
> security is when you want to impose limits on what users can do. If
> that is not
> a concern then setting up security would be a waste of time and
> effort."
>
> I thought I was coming across pretty clearly. My mistake, and again,
> I hope I didn't put anyone out, as Sylvain suggested. Andy
Well the use of Terminal Server is a pretty major piece of the puzzle. Normally
anyone who links to a back end Access file must have full permissions to that
file and to the folder where it resides. This means that the file can be
accessed from any front end file or directly and the data modified or deleted.
Implementing user level security would be necessary to prevent this.
The fact that your back end is on a TS box and you are only providing access to
it via a published app front end changes all of that and therefore any
additional security should not be necessary.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
| |
|
| "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
news:rEopf.34180$7h7.33644@newssvr21.news.prodigy.com:
>
> The fact that your back end is on a TS box and you are only providing
> access to it via a published app front end changes all of that and
> therefore any additional security should not be necessary.
>
>
I really didn't realize my question was a puzzle, as I thought your
first answer to my post said it all, perfectly.
But, I just didn't make myself clear enough, I guess.
Again, thanks for your help.
Andy
| |
| Joan Wild 2005-12-19, 9:24 am |
| It isn't the fact that you have multiple users named 'Admin' that will cause
any issues (like corruption). It's the fact that you have multiple users
(period) using the same frontend that will cause problems. Security really
isn't the issue here.
Even in a terminal server environment, each user needs to run their own copy
of the frontend. Have a read...
http://www.granite.ab.ca/access/terminalserver.htm
As for security, if the frontend is a MDE then users won't be able to change
any forms/reports/modules. However they could still modify queries. Since
they need full permissions on the folder where the backend is, they can open
this (or link to the tables from another mdb) and modify things. You
can/should lock down the frontend so that users can't get to the database
window; set the startup properties (tools, startup), to display only your
forms/reports, and use custom menu/toolbars throughout that restrict users.
This won't keep the determined out, but can go a long way to keeping the
average user on the straight and narrow.
--
Joan Wild
Microsoft Access MVP
andy wrote:
> "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
> news:Fzjpf.36670$q%.430@newssvr12.news.prodigy.com:
>
>
> What do you mean "do with the DATA", Rick?
> They don't have an interface to modify queries, except predefined
> ones, and parameters are set by list/combo boxes.
| |
|
| "Joan Wild" <jwild@nospamtyenet.com> wrote in
news:OVp$S1KBGHA.3916@tk2msftngp13.phx.gbl:
> As for security, if the frontend is a MDE then users won't be able to
> change any forms/reports/modules. However they could still modify
> queries. Since they need full permissions on the folder where the
> backend is, they can open this (or link to the tables from another
> mdb) and modify things. You can/should lock down the frontend so that
> users can't get to the database window; set the startup properties
> (tools, startup), to display only your forms/reports, and use custom
> menu/toolbars throughout that restrict users. This won't keep the
> determined out, but can go a long way to keeping the average user on
> the straight and narrow.
>
>
Hi Joan,
Yes, each user will have their own fe, I'm very aware of that issue.
Regarding your comments "You can/should lock down the frontend so that
users can't get to the database window", I wondered that if all I have installed on the
ts box is the runtime mde can they still pull up the database window? I
thought that was if I had access installed, not the runtime only.
Thanks for your help,
Andy
| |
| Joan Wild 2005-12-19, 11:24 am |
| andy wrote:
>
> I wondered that if all I
> have installed on the ts box is the runtime mde can they still pull
> up the database window? I
> thought that was if I had access installed, not the runtime only.
Yes I missed that point; you are likely safe. I have never used the
runtime, but I'm sure your testing will be able to confirm this.
--
Joan Wild
Microsoft Access MVP
| |
|
| "Joan Wild" <jwild@nospamtyenet.com> wrote in news:Ozs3xQLBGHA.1088
@tk2msftngp13.phx.gbl:
> andy wrote:
>
> Yes I missed that point; you are likely safe. I have never used the
> runtime, but I'm sure your testing will be able to confirm this.
>
Yes, I have tested it with the shift key, but wondered if there was
another way to bring up the db window i.e. some undocumented key
combination.
Thanks, again,
Andy
| |
| Sylvain Lafontaine 2005-12-19, 8:26 pm |
| Probably they can't pull the database window but they still can use ADO and
standard scripting components to link to the backend database. If they
activate the ODBC tracing option, then editing your data will be probably a
no-brain possibility for them.
I'm not an hacker, so I don't know a lot about the possibilities of hacking
your configuration and getting access to your backend. However, without any
MDW file, you are probably making things very easy for any determined user.
Even with a MDW file, there will still be a lot of possibilities for a
hacker but at least, a great number of doors will be closed.
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: http://cerbermail.com/?QugbLEWINF
"andy" <andy@andynot.com> wrote in message
news:78SdnRY3FZb5STv
eRVn-sQ@rogers.com...
> "Joan Wild" <jwild@nospamtyenet.com> wrote in
> news:OVp$S1KBGHA.3916@tk2msftngp13.phx.gbl:
>
>
> Hi Joan,
> Yes, each user will have their own fe, I'm very aware of that issue.
> Regarding your comments "You can/should lock down the frontend so that
> users can't get to the database window", I wondered that if all I have
> installed on the
> ts box is the runtime mde can they still pull up the database window? I
> thought that was if I had access installed, not the runtime only.
> Thanks for your help,
> Andy
| |
|
| "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>
wrote in news:ueZPJbNBGHA.344@TK2MSFTNGP11.phx.gbl:
>
> I'm not an hacker, so I don't know a lot about the possibilities of
> hacking your configuration and getting access to your backend.
> However, without any MDW file, you are probably making things very
> easy for any determined user. Even with a MDW file, there will still
> be a lot of possibilities for a hacker but at least, a great number of
> doors will be closed.
>
I have the ts pc pretty well locked down, as upon login, the access mde is started. Upon exit/closing the mde, users are logged out of the ts pc. Minimizing the app simply reveals a blank desktop, and start menu only shows logoff icon. I've used gpo re
move everything, but logoff command/icon. I found appsec to be a bit of a pain, and gave me unexpected results, so I didn't use it. I think the gpo has taken care of everything I need - i ran thru all the hotkey combos both access and win2k and found no
ne work. So someone trying to fool with the the b/e mdw certainly has their work cut out for them.
Luckily, the only purpose of this ts pc is to serve up this access app, nothing else. No printer connections, either, as Reports are emailed to user, via Blat.
But again my main concern was really that of corruption or locking, by not having distinct users setup in the mdw. I do have a user login, to track changes to records, and email addresses, etc.
And again, my original post was not to confuse or have anyone go to any extra work, but rather a fault of not properly relating what I needed to use the mdw for. You have to remember that people coming into these groups to ask questions, aside from not k
nowing the answers, probably don't even understand how to ask the right questions, as we don't have the requisite knowledge to understand that our question might have many different possible answers. While I'm sure it's very frustating for the MVP's, it
is for the less educated, as well. This is probably especially true, where such a general question is being asked, which is why I referred back to Rick Brandt's answer, which aside from answering my question, also asked of me (indirectly) "what aspect of
the mdw are you interested in, security?"
Sorry for the long reply, but felt compelled to mitigate any problems my original question caused you or others.
Thanks again for your help, Sylvain!
Andy
| |
|
| > guess I don't need to setup the security file? I just found in the
> past this can be a real pain, especially when I add forms or other
BTW, it sounds like you were 'joining' a security group
to make changes to a secured FE.
:~) Nobody here does that. Instead, we all use a shortcut to
MSACCESS.exe which specifies the workgroup.
"c:\ ... \msaccess.exe /wrgrp "c:\ ...\mygrp.mdw" /user Dev
Note that even if you are using multiple user workgroups,
you can still use the same development workgroup and user
for all of your applications.
Also, you can use a development user and workgroup on
an 'unsecured' application - that is an application where all
the users still login as 'admin' using a default workgroup, but
have no development permissions.
BTW, we had for a couple of years a system similar to yours
for demonstrations, but we had to replace it with an HTML
system because corporate firewalls no longer permit users
to TS to a foreign server without special arrangements.
(david)
"andy" <andy@andynot.com> wrote in message
news:muGdne4i1cwbJTj
enZ2dnUVZ_t-dnZ2d@rogers.com...
> "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
> news:stipf.45856$D13.17454@newssvr11.news.prodigy.com:
>
> into
> if
> many
> users
> a
>
> I think restricting the users making changes is covered by the fact
> that they're using a runtime mde, so if that's the only issue, I
> guess I don't need to setup the security file? I just found in the
> past this can be a real pain, especially when I add forms or other
> elements to the program, then have to go back to the mdw, etc. Thanks
> for your help.
> Andy
| |
| Sylvain Lafontaine 2005-12-19, 8:26 pm |
| For the corruption and locking problems, some peoples here will tell you
that by using TS, the risk of having a corrupt Access database is nearly
zero while some others will disagree and say that the risk is lower but not
zero.
However, probably that they will all agree on the fact that using the same
account (Admin) or with or without a MDW file change nothing about that.
Also, about your blank desktop, did you make sure that the contextual menu
(right click of the mouse) was also empty?
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: http://cerbermail.com/?QugbLEWINF
"andy" <andy@andynot.com> wrote in message
news:43a71dcb$0$5393
$9a6e19ea@unlimited.newshosting.com...
> "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>
> wrote in news:ueZPJbNBGHA.344@TK2MSFTNGP11.phx.gbl:
>
>
> I have the ts pc pretty well locked down, as upon login, the access mde is
> started. Upon exit/closing the mde, users are logged out of the ts pc.
> Minimizing the app simply reveals a blank desktop, and start menu only
> shows logoff icon. I've used gpo remove everything, but logoff
> command/icon. I found appsec to be a bit of a pain, and gave me
> unexpected results, so I didn't use it. I think the gpo has taken care of
> everything I need - i ran thru all the hotkey combos both access and win2k
> and found none work. So someone trying to fool with the the b/e mdw
> certainly has their work cut out for them.
> Luckily, the only purpose of this ts pc is to serve up this access app,
> nothing else. No printer connections, either, as Reports are emailed to
> user, via Blat.
>
> But again my main concern was really that of corruption or locking, by not
> having distinct users setup in the mdw. I do have a user login, to track
> changes to records, and email addresses, etc.
>
> And again, my original post was not to confuse or have anyone go to any
> extra work, but rather a fault of not properly relating what I needed to
> use the mdw for. You have to remember that people coming into these
> groups to ask questions, aside from not knowing the answers, probably
> don't even understand how to ask the right questions, as we don't have the
> requisite knowledge to understand that our question might have many
> different possible answers. While I'm sure it's very frustating for the
> MVP's, it is for the less educated, as well. This is probably especially
> true, where such a general question is being asked, which is why I
> referred back to Rick Brandt's answer, which aside from answering my
> question, also asked of me (indirectly) "what aspect of the mdw are you
> interested in, security?"
>
> Sorry for the long reply, but felt compelled to mitigate any problems my
> original question caused you or others.
>
> Thanks again for your help, Sylvain!
> Andy
| |
|
| < david@epsomdotcomdot
au> wrote in news:OsXWZxOBGHA.3936
@TK2MSFTNGP12.phx.gbl:
>
> BTW, we had for a couple of years a system similar to yours
> for demonstrations, but we had to replace it with an HTML
> system because corporate firewalls no longer permit users
> to TS to a foreign server without special arrangements.
>
> (david)
>
Nothing Corporate, here, this is for a small company, but which has
about 6 regional offices, with 1 or 2 people in each office, and
seemed like the fastest and cheapest way to do it. I really enjoy
this kind of setup, and it actually works really well via 56k dialup -
not like highspeed, but I did a demo for the dialup users and they
found it acceptable.
Thanks for your insight,
Andy
| |
|
| "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam
please)>
wrote in news:uJULBuPBGHA.1180@TK2MSFTNGP09.phx.gbl:
> For the corruption and locking problems, some peoples here will tell
> you that by using TS, the risk of having a corrupt Access database
is
> nearly zero while some others will disagree and say that the risk is
> lower but not zero.
>
> However, probably that they will all agree on the fact that using
the
> same account (Admin) or with or without a MDW file change nothing
> about that.
>
> Also, about your blank desktop, did you make sure that the
contextual
> menu (right click of the mouse) was also empty?
>
Couldn't remember, so I just checked - right clicking produces
nothing, no menu. Anything else you can think of I'm all ears,
Sylvain!!
Andy
| |
| Mikal via AccessMonster.com 2005-12-20, 3:25 am |
| I think you will find if you open one of your .mde files that you can create,
run and save new queries just like you can in the .mdb. You just can't
create forms and reports.
Mike
andy wrote:
>[quoted text clipped - 3 lines]
>
>What do you mean "do with the DATA", Rick?
>They don't have an interface to modify queries, except predefined ones,
>and parameters are set by list/combo boxes.
--
"We have met the enemy and he is us." -- Pogo Possum
Message posted via webservertalk.com
http://www.webservertalk.com/Uwe/Fo...tiuser/200512/1
| |
|
| "Mikal via webservertalk.com" <u16180@uwe> wrote in
news:59187e14afe04@u
we:
> I think you will find if you open one of your .mde files that you
can
> create, run and save new queries just like you can in the .mdb. You
> just can't create forms and reports.
>
> Mike
>
>
>
> andy wrote:
fact[color=darkred]
restrict[color=darkr
ed]
>
I understand, but I'll just be using a runtime version of access, not
the full one. Others have suggested there's many back doors to this,
but the pc I'm running it on is pretty secure, and don't think the
users
can do much except run the access mde program. Thanks for responding,
Andy
| |
|
| "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
news:rEopf.34180$7h7.33644@newssvr21.news.prodigy.com:
>
> Well the use of Terminal Server is a pretty major piece of the
puzzle.
> Normally anyone who links to a back end Access file must have full
> permissions to that file and to the folder where it resides. This
> means that the file can be accessed from any front end file or
> directly and the data modified or deleted. Implementing user level
> security would be necessary to prevent this.
>
> The fact that your back end is on a TS box and you are only
providing
> access to it via a published app front end changes all of that and
> therefore any additional security should not be necessary.
>
>
Yes, I'm not worried about security, but rather corruption or other
problems caused by everyone using the Admin login, in the .ldb. I
wondered if anyone had experienced this sort of corruption, or way
down the road on a project, they realized an mdw was indeed necessary
(again, not counting security).
Thanks for your help, and any other tips or experiences greatly
appreciated.
Andy
| |
| david epsom dot com dot au 2005-12-20, 3:25 am |
| > Thanks for your insight,
Slightly more detail: we were using the TS ActiveX control
linked to a web page. Potential clients could click on the
link in our web page, it opened TS inside the browser window
with the demo login.
The demo login opened MSAccess as the command shell.
(david)
"andy" <andy@andynot.com> wrote in message
news:43a75ee4$0$2978
$9a6e19ea@unlimited.newshosting.com...
> < david@epsomdotcomdot
au> wrote in news:OsXWZxOBGHA.3936
> @TK2MSFTNGP12.phx.gbl:
>
>
> Nothing Corporate, here, this is for a small company, but which has
> about 6 regional offices, with 1 or 2 people in each office, and
> seemed like the fastest and cheapest way to do it. I really enjoy
> this kind of setup, and it actually works really well via 56k dialup -
> not like highspeed, but I did a demo for the dialup users and they
> found it acceptable.
> Thanks for your insight,
> Andy
| |
|
| >
I see, via web interface and security.
What was the demo program demonstrating?
| |
| david epsom dot com dot au 2005-12-20, 3:25 am |
|
"andy" <andy@andynot.com> wrote in message
news:43a7ae42$0$2963
$9a6e19ea@unlimited.newshosting.com...
>
> I see, via web interface and security.
>
> What was the demo program demonstrating?
It was a full copy of our application (which I don't
really discuss here). Potential customers could use the
actual application (with a demo data set)
Anyone could have looked at it, but in practice, we used
to direct potential clients to it while talking on the
phone.
We are now using "meeting" software, which enables
us to see the actual client screen while doing demo's,
which is better than our old system, but TS was really
easy to set up and include in the web site.
The "meeting" software we are now using uses only HTML
protocol, which is important to us, but we and our
clients have to log in to a provider server, which
is more work for everyone.
(david)
| |
|
| "david epsom dot com dot au" < david@epsomdotcomdot
au> wrote in
news:e9QOEXTBGHA.2040@TK2MSFTNGP14.phx.gbl:
> The "meeting" software we are now using uses only HTML
> protocol, which is important to us, but we and our
> clients have to log in to a provider server, which
> is more work for everyone.
>
> (david)
>
>
That's interesting, as earlier you mentioned:
"to TS to a foreign server without special arrangements"
And after reading your most recent post, I wondered if those "special
arrangements" are still viewed as more or less work, than your current
web based "arrangement" to demo the program?
I guess it wasn't your decision??
Andy
| |
| jacksonmacd 2005-12-20, 9:24 am |
| On 20 Dec 2005 03:04:47 GMT, andy <andy@andynot.com> wrote:
>"Rick Brandt" <rickbrandt2@hotmail.com> wrote in
>news:rEopf.34180$7h7.33644@newssvr21.news.prodigy.com:
>
>puzzle.
>providing
>
>Yes, I'm not worried about security, but rather corruption or other
>problems caused by everyone using the Admin login, in the .ldb. I
>wondered if anyone had experienced this sort of corruption, or way
>down the road on a project, they realized an mdw was indeed necessary
>(again, not counting security).
>Thanks for your help, and any other tips or experiences greatly
>appreciated.
>Andy
AFAIK, the ldb stores information about the *user* and the *machine*
that is connected to the database. Thus, each connection is kept
separate. The fact that all users share the same name is irrelevant.
********************
**
jackmacMACdonald@tel
usTELUS.net
remove uppercase letters for true email
http://www.geocities.com/jacksonmacd/ for info on MS Access security
| |
|
| No, it wasn't my decision, but it is a sales and marketing
decision, so I don't feel bad about that.
The point about logging in to the 'meeting' software is that
it is something a potential client can do, with coaching.
Defeating a corporate firewall to get Terminal Server through
has to involve separate IT people.
It's a sales barrier, but for serious sales prospects less of
a barrier than involving IT would be.
(david)
"andy" <andy@andynot.com> wrote in message
news:43a7b7f5$0$2926
$9a6e19ea@unlimited.newshosting.com...
> "david epsom dot com dot au" < david@epsomdotcomdot
au> wrote in
> news:e9QOEXTBGHA.2040@TK2MSFTNGP14.phx.gbl:
>
>
> That's interesting, as earlier you mentioned:
>
> "to TS to a foreign server without special arrangements"
>
> And after reading your most recent post, I wondered if those "special
> arrangements" are still viewed as more or less work, than your current
> web based "arrangement" to demo the program?
>
> I guess it wasn't your decision??
>
> Andy
| |
|
|
>
> AFAIK, the ldb stores information about the *user* and the *machine*
> that is connected to the database. Thus, each connection is kept
> separate. The fact that all users share the same name is irrelevant.
>
> ********************
**
> jackmacMACdonald@tel
usTELUS.net
> remove uppercase letters for true email
> http://www.geocities.com/jacksonmacd/ for info on MS Access security
>
Yes, I understand how things work, in theory, but was concerned about
any bad experiences doing without an mdw, and having strange results
later, possibly due to this issue. Or even just a design problem,
later, because of the absence of an mdw - things you can't do...like
a chess or pool game where you try to think as many moves ahead, as
possible.
Don't know if I'm missing the bigger picture is what I am trying to
find out, I guess, and the input from others has been good!
Thanks for your insight,
Andy
| |
| Rick Brandt 2005-12-21, 7:24 am |
| andy wrote:
>
> Yes, I understand how things work, in theory, but was concerned about
> any bad experiences doing without an mdw, [snip]
If you understood how things work you would know that there is always an MDW.
Access cannot be opened without one. If you haven't done anything to introduce
a specific one then the default (System.mdw) is used.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
| |
|
| "Rick Brandt" <rickbrandt2@hotmail.com> wrote in
news:77cqf.35551$dO2.11363@newssvr29.news.prodigy.net:
> andy wrote:
connection[color=dar
kred]
about[color=darkred]
>
> If you understood how things work you would know that there is
always
> an MDW. Access cannot be opened without one. If you haven't done
> anything to introduce a specific one then the default (System.mdw)
is
> used.
>
Ok, customizing the mdw?
| |
| Joan Wild 2005-12-21, 11:24 am |
| >
> Yes, I understand how things work, in theory, but was concerned about
> any bad experiences doing without an mdw, and having strange results
> later, possibly due to this issue.
I'm not sure why you keep asking this. It's been answered multiple times.
Consider that probably 95% of mdb files out there are not secured, that
means there are millions of them in use with everyone silently logging in as
'Admin'. There is no problem with this.
> Or even just a design problem,
> later, because of the absence of an mdw
There is *never* an absence of a mdw. Every session of Access uses a
workgroup file. Out of the box, it uses system.mdw and silently logs you in
as Admin.
--
Joan Wild
Microsoft Access MVP
| |
|
| "Joan Wild" <jwild@nospamtyenet.com> wrote in
news:#LkIrWkBGHA.2704@TK2MSFTNGP15.phx.gbl:
about[color=darkred]
results[color=darkre
d]
>
> I'm not sure why you keep asking this. It's been answered multiple
> times. Consider that probably 95% of mdb files out there are not
> secured, that means there are millions of them in use with everyone
> silently logging in as 'Admin'. There is no problem with this.
>
>
> There is *never* an absence of a mdw. Every session of Access uses
a
> workgroup file. Out of the box, it uses system.mdw and silently
logs
> you in as Admin.
>
I guess customized mdw would have been more correct, then?
| |
|
| "Joan Wild" <jwild@nospamtyenet.com> wrote in
news:#LkIrWkBGHA.2704@TK2MSFTNGP15.phx.gbl:
about[color=darkred]
results[color=darkre
d]
>
> I'm not sure why you keep asking this. It's been answered multiple
> times. Consider that probably 95% of mdb files out there are not
> secured, that means there are millions of them in use with everyone
> silently logging in as 'Admin'. There is no problem with this.
>
>
> There is *never* an absence of a mdw. Every session of Access uses
a
> workgroup file. Out of the box, it uses system.mdw and silently
logs
> you in as Admin.
>
I don't think I keep asking it, I think others keep responding and I'm
trying to clarify my position. Is this wrong??
| |
| Joan Wild 2005-12-22, 9:24 am |
| andy wrote:
>
> I don't think I keep asking it, I think others keep responding and I'm
> trying to clarify my position. Is this wrong??
It isn't wrong, if the answers aren't clear to you. But everyone is telling
you the same thing with regards to not securing your mdb and everyone
logging in as Admin. This will not cause corruption. I don't see anyone's
response saying otherwise.
--
Joan Wild
Microsoft Access MVP
| |
|
| "Joan Wild" <jwild@nospamtyenet.com> wrote in
news:ugMu5YwBGHA.1036@TK2MSFTNGP10.phx.gbl:
> andy wrote:
>
> It isn't wrong, if the answers aren't clear to you. But everyone is
> telling you the same thing with regards to not securing your mdb and
> everyone logging in as Admin. This will not cause corruption. I
> don't see anyone's response saying otherwise.
But, I keep getting the impression from the other posts, that while
allowing everyone to login under Admin is fine, setting up your users,
in the mdw seems to be the norm? And if it's the norm, why is it the
norm? Just to stop the users from tampering?
Bear with me, and hopefully this will explain why I keep questioning.
Aside from this ts project, I have 2 another access projects running,
which are multiuser over a lan, and may have 5 to 8 concurrent users,
and around 15 user accounts, in each project. I setup everyone in the
mdw, and set the object permissions, etc.
I've never had the kind of corruption or other problems many have
asked about, in these groups. I consider myself a intermediate access
user and consider those that are having the problems about my level of
experience. Doing this new project, without customizing the mdw sort
of makes me wonder if I'm not missing something.
Do MVP's remember what it is like to be "nervous", over a new project,
and wonder if you have all the right bases covered??
I guess that's why I keep questioning.
Thanks for you help, Joan,
Andy
| |
| jacksonmacd 2005-12-22, 11:24 am |
| On 22 Dec 2005 16:23:54 GMT, andy <andy@andynot.com> wrote:
>"Joan Wild" <jwild@nospamtyenet.com> wrote in
>news:ugMu5YwBGHA.1036@TK2MSFTNGP10.phx.gbl:
>
>
>But, I keep getting the impression from the other posts, that while
>allowing everyone to login under Admin is fine, setting up your users,
>in the mdw seems to be the norm? And if it's the norm, why is it the
>norm? Just to stop the users from tampering?
That's one way to look at it! Security is about permissions, it is not
about preventing corruption. You implement security (ie. setting up
user and group accounts) to control what your users are allowed to do
in the database, or to implement a user-based auditing system. Neither
is feasible if everybody logs in as Admin.
Furthermore, if you don't need to control permissions according to
users, then using security is an unnecessary administrative burden.
>
>Bear with me, and hopefully this will explain why I keep questioning.
>Aside from this ts project, I have 2 another access projects running,
>which are multiuser over a lan, and may have 5 to 8 concurrent users,
>and around 15 user accounts, in each project. I setup everyone in the
>mdw, and set the object permissions, etc.
>
>I've never had the kind of corruption or other problems many have
>asked about, in these groups. I consider myself a intermediate access
>user and consider those that are having the problems about my level of
>experience. Doing this new project, without customizing the mdw sort
>of makes me wonder if I'm not missing something.
If you haven't had database corruption, that's a testament to the
stability of your network and other hardware. It also speaks well of
your programming skill and your users' good practices. It has nothing
to do with whether or not all database users are "Admin".
>
>Do MVP's remember what it is like to be "nervous", over a new project,
>and wonder if you have all the right bases covered??
I get nervous all the time about database projects. Healthy
nervousness is a good trait IMHO. However, you are on the wrong track
worrying about multiple Admin users.
>
>I guess that's why I keep questioning.
>Thanks for you help, Joan,
>Andy
>
>
********************
**
jackmacMACdonald@tel
usTELUS.net
remove uppercase letters for true email
http://www.geocities.com/jacksonmacd/ for info on MS Access security
| |
|
| jacksonmacd < jackMACmacdo0nald@te
lus.net> wrote in
news:sqllq1lv3nltvmb
6bnppjs9dj54lmhog2q@
4ax.com:
>
>
> ********************
**
> jackmacMACdonald@tel
usTELUS.net
> remove uppercase letters for true email
> http://www.geocities.com/jacksonmacd/ for info on MS Access security
>
Good point about the user auditing. I mentioned in a prev post that I
have a simple login setup, to track user changes, and think it should
suffice.
Thanks, Jack, you seem to have covered all the bases!! Hopefully I
can cut back on the prozac, now!!
Andy
| |
|
| If you are interested in Access security, there is a good
book out there which talks about different approaches
(can't remember the title, but there is only one book
specifically about Access security, so if you Search you
will find).
(david)
"andy" <andy@andynot.com> wrote in message
news:43aae952$0$1696
9$9a6e19ea@unlimited
.newshosting.com...
> jacksonmacd < jackMACmacdo0nald@te
lus.net> wrote in
> news:sqllq1lv3nltvmb
6bnppjs9dj54lmhog2q@
4ax.com:
>
>
>
> Good point about the user auditing. I mentioned in a prev post that I
> have a simple login setup, to track user changes, and think it should
> suffice.
> Thanks, Jack, you seem to have covered all the bases!! Hopefully I
> can cut back on the prozac, now!!
> Andy
| |
| Douglas J. Steele 2005-12-22, 8:26 pm |
| I assume you're talking about Garry Robinson's "Real World Microsoft Access
Database Protection and Security"
http://vb123.com/map/
--
Doug Steele, Microsoft Access MVP
http://I.Am/DougSteele
(no e-mails, please!)
< david@epsomdotcomdot
au> wrote in message
news:%23PLsQ40BGHA.228@TK2MSFTNGP12.phx.gbl...
> If you are interested in Access security, there is a good
> book out there which talks about different approaches
> (can't remember the title, but there is only one book
> specifically about Access security, so if you Search you
> will find).
>
> (david)
>
> "andy" <andy@andynot.com> wrote in message
> news:43aae952$0$1696
9$9a6e19ea@unlimited
.newshosting.com...
>
>
| |
|
| Absolutely. I have read and recommend this book. My opinion:
"It's all easy stuff: no complex SQL; no SQL Server; no complex
ADO or Automation. But it's all stuff that pretty much didn't make
it into any of the other books. "
I particularly liked that fact that he touches other ideas on how to
do Access security.
(david)
"Douglas J. Steele" < NOSPAM_djsteele@NOSP
AM_canada.com> wrote in message
news:u10QnF1BGHA.2616@TK2MSFTNGP10.phx.gbl...
> I assume you're talking about Garry Robinson's "Real World Microsoft
Access
> Database Protection and Security"
>
> http://vb123.com/map/
>
> --
> Doug Steele, Microsoft Access MVP
> http://I.Am/DougSteele
> (no e-mails, please!)
>
>
>
> < david@epsomdotcomdot
au> wrote in message
> news:%23PLsQ40BGHA.228@TK2MSFTNGP12.phx.gbl...
>
>
| |
|
| "Douglas J. Steele" < NOSPAM_djsteele@NOSP
AM_canada.com> wrote in
news:u10QnF1BGHA.2616@TK2MSFTNGP10.phx.gbl:
> http://vb123.com/map/
Sorry for not getting back to this, sooner, but I took some time off,
if anyone's still around...
Thanks, I just checked out the chapter 2, at:
http://msdn.microsoft.com/library/d...rl=/library/en-
us/dndbdes/html/ Chapter2AccessProtec
tionSecurity.asp
Looks really good, I like all the pictures.
Also, Doug, I found your web page via scouring the web for winemaking
info. Do you start with grapes, or the juice? I just made my first
batch from wild grapes, and it's a very interesting experience - I'm
still racking - after 8 weeks.
|
|
|
|
|