Depending on how it was secured, this may work, or it may leave you in a statewhere you can't even OPEN the database.If the person who secured the database knew what they were doing, then there'sbasically no way to break the security without resorting to brute force,unless someone out there has come up with something to do it since we researched it a month ago.He said admin had no permissions, so overwiting system.mda would be useless.-- ******************************************************************************** Michael Catchpole If at first you don't succeed, destroy ** mc1...@cnsunix.albany.edu all evidence that you tried! ********************************************************************************
Download Hex Editor Provided By Cheatbook Database destroy first mister
As all readers of this thread know, Steven Drinovsky taught usa nice lesson about security in MS Access 2.0.Just as simple and easy as Steven's security workaround is, Ithink I have found a simple way to prevent this workaround fromdoing what it should't do: Users are not supposed to be able toview your precious code!!! Here is, what Steven's code workaround relies on:sdrin...@wic.tdh.state.tx.us (Steven Drinovsky) wrote:> **************************************************************>> Security Hole In Microsoft Access 2.0> The first step in recovering a deleted object is to look at the > system table MSysObjects. This table list all the objects in > the current database including deleted objects. To open this > table set the "Show System Objects" property to true under the > general options menu. This table has many columns that Access > uses to gather information about the object, the one we are > interested in is the "Name" column in particular the names > beginning with a "TMP." These are your deleted objects. To open > one of these objects you need to know the type of the object from > the "Type" column. Possible values include 1,4,5,6 for tables, > -32761 for Modules, -32764 for Reports, -32766 for Macros, > and -32768 for Forms. Once you know the type, you can view the > deleted object by one of the following commands: OpenTable, > OpenModule, OpenReport, or OpenForm. For Example, typing: >> DoCmd OpenTable "TMPCLP-305701">> in the immediate window will open the deleted table TMPCLP-305701. Steven then describes, how to delete a secured object and retrieveit's code using the CopyObject and OpenModule/Form... command.An easy way to prevent this from happening is to RETRIEVE ALL RIGHTSOF THE MSysObjects TABLE, so that the "bad" Users can't get at thecryptic name of the deleted table !!! This will not change the way your app works, but one can't use theCopyObject and the OpenModule/Form/Module... since the name of thedeleted object(s) are not known!What you still can't prevent users from doing, is to destroy yourapplication (by deleting secured objects with the rename function),but that should not matter too much, since your data is safe (secured tables and queries can not be deleted this way) and the user would only destroy his own program.Any comments to this "security solution" are very welcome! 2ff7e9595c
Comments