how to properly secure the BE (1 Viewer)

ahmed_optom

Registered User.
Local time
Today, 11:24
Joined
Oct 27, 2016
Messages
93
I have an access front end, and now a sql backend.

The problem is, as many know, the uid and pwd are kept in plain text so can easily be "hacked". If the be was a split access db, the pwd for the BE is also stored in the same way :(

The ODBC connection string doesnt appear to let me use variables, so I cant find a way to "hide" the connections details.

Im sure others are aware of this problem and have come up with better solutions than me, can anyone give me any ideas?

thanks,
 

theDBguy

I’m here to help
Staff member
Local time
Today, 04:24
Joined
Oct 29, 2018
Messages
21,358
Hi. If you don't want to use a login and password, then you could try using Windows Authentication. Otherwise, look into DSN-less connections.
 

ahmed_optom

Registered User.
Local time
Today, 11:24
Joined
Oct 27, 2016
Messages
93
Thanks guys, but I dont think I made myself clear.

I have a login system, and it works fine, im using a dsnless connection to a sql back end.

But the problem with access is that the login and password to the sql can be easily seen by just opening the front end in notepad etc.

So someone can just bypass every login you have made in access and just log straight to your backend, a major problem.
 

theDBguy

I’m here to help
Staff member
Local time
Today, 04:24
Joined
Oct 29, 2018
Messages
21,358
Thanks guys, but I dont think I made myself clear.

I have a login system, and it works fine, im using a dsnless connection to a sql back end.

But the problem with access is that the login and password to the sql can be easily seen by just opening the front end in notepad etc.

So someone can just bypass every login you have made in access and just log straight to your backend, a major problem.

Hi. Are you saying you can't use Windows Authentication?
 

ahmed_optom

Registered User.
Local time
Today, 11:24
Joined
Oct 27, 2016
Messages
93

I will look into that, but it doesnt seem a good solution. Adding another login for the users. Also, just a quick glance, and Im not even sure its possible from ms access, it seems to be set up for a web based environment, eg using asp or visual studio.

I am hoping just to find a way of properly "hiding" the dsnless connection info for the sql server.
 

theDBguy

I’m here to help
Staff member
Local time
Today, 04:24
Joined
Oct 29, 2018
Messages
21,358
I will look into that, but it doesnt seem a good solution. Adding another login for the users. Also, just a quick glance, and Im not even sure its possible from ms access, it seems to be set up for a web based environment, eg using asp or visual studio.

I am hoping just to find a way of properly "hiding" the dsnless connection info for the sql server.

Well okay, I know what you're asking for is possible and it involves dsn-less connection but I just couldn't find the link for you at the moment.
 

isladogs

MVP / VIP
Local time
Today, 11:24
Joined
Jan 14, 2017
Messages
18,186
Hi Ahmed
I thought we discussed this a few months ago in connection with my encrypted no strings example app ( an updated version of which will be uploaded in the next couple of weeks

You can definitely encrypt the password so that opening the file using a text or hex editor will not reveal the password string. However there is a way of bypassing that without knowing the BE password. I'm not going to supply details as it would assist hackers.

You can also apply additional security to prevent hackers copying your data.
But in the end, there are no methods of making Access apps 100% secure.
 

ahmed_optom

Registered User.
Local time
Today, 11:24
Joined
Oct 27, 2016
Messages
93
Hi Ahmed
I thought we discussed this a few months ago in connection with my encrypted no strings example app ( an updated version of which will be uploaded in the next couple of weeks

You can definitely encrypt the password so that opening the file using a text or hex editor will not reveal the password string. However there is a way of bypassing that without knowing the BE password. I'm not going to supply details as it would assist hackers.

You can also apply additional security to prevent hackers copying your data.
But in the end, there are no methods of making Access apps 100% secure.

thanks, I will check. I really feel Microsoft have let us down in this respect.

Hi Ahmed
However there is a way of bypassing that without knowing the BE password. I'm not going to supply details as it would assist hackers.

This is basically what Im trying to solve, I was trying to be vague and not give out to many details for obvious reasons. I will wait for your new version and continue to research and try and figure something out.
 

theDBguy

I’m here to help
Staff member
Local time
Today, 04:24
Joined
Oct 29, 2018
Messages
21,358
thanks, I will check. I really feel Microsoft have let us down in this respect.

This is basically what Im trying to solve, I was trying to be vague and not give out to many details for obvious reasons. I will wait for your new version and continue to research and try and figure something out.
Hi. Okay, I found a good link for you. Good luck!
 

Users who are viewing this thread

Top Bottom