偶然发现了一个大规模的安全问题...决议? [英] Just Stumbled upon a MASSIVE security issue... Resolutions?
问题描述
我又来了......我有一个新问题.....
i我试图让我的假日数据库尽可能安全,而且我正在尝试锁定所有启动选项以及限制访问数据库的内容。(使用自定义登录系统)
但是可以创建一个新数据库(空白)并导入表来自Holiday DB的等等,然后在没有授权的情况下对原件进行更新查询等...
所以有人可能(很容易)以任何他们想要的方式弄乱数据库最令人担忧的....删除所有内容!!!
无论如何都要锁定此操作!?
我很担心这个现在我已经偶然发现它了,因为如果是这样的话那么我的数据库将不会是一个可行的项目,我会浪费很多时间来完成它...
请帮助...
谢谢Dan
Its me again... and i have a new problem.....
i am trying to make my holiday database as secure as possible and at the moment i am trying to lock out all startup options and whatnot to restrict access to the DB.(Using a Custom Logon System)
but it is possible to create a new DB (blank) and import the tables etc from the Holiday DB and then do update queries etc on the original with no authorisation...
so someone could potentially (Quite easily) mess with the DB in any way they want and Most worrying.... delete everything!!!
is there anyway to Lock this action out!?
Im quite worried about this now that i have stumbled upon it because if this is the case then my DB will not be a viable project and i will have wasted MANY HOURS of my FREE TIME doing it..
Please Help...
Thanks Dan
推荐答案
我又来了......我有一个新问题.....
i我试图让我的假日数据库尽可能安全并且在那一刻我试图锁定所有启动选项以及限制访问数据库的内容。
但是可以创建一个新的数据库(空白)并从中导入表等。 Holiday DB然后在未经授权的情况下对原件进行更新查询等...
所以有人可能(很容易)以任何他们想要的方式搞乱DB,最让人担心。 ...删除所有内容!!!
无论如何都要锁定此操作!?
我现在非常担心这个我已经偶然发现它,因为如果是这样的话那么我的数据库将不会是一个可行的项目,我会浪费很多时间来做这件事。
请帮忙.. 。
谢谢Dan
Its me again... and i have a new problem.....
i am trying to make my holiday database as secure as possible and at the moment i am trying to lock out all startup options and whatnot to restrict access to the DB.
but it is possible to create a new DB (blank) and import the tables etc from the Holiday DB and then do update queries etc on the original with no authorisation...
so someone could potentially (Quite easily) mess with the DB in any way they want and Most worrying.... delete everything!!!
is there anyway to Lock this action out!?
Im quite worried about this now that i have stumbled upon it because if this is the case then my DB will not be a viable project and i will have wasted MANY HOURS of my FREE TIME doing it..
Please Help...
Thanks Dan
嘿Dan!
抱歉你的麻烦,让'看看我们如何能够开始钉扎了下去。请继续关注我们朋友的其他选择。事实上,我可能会向您推荐一个特定于禁用特殊键的链接,等等,我很自豪地承认这个论坛已经帮助它朝着正确的方向发展。
首先,我认为你走在正确的轨道上,你的启动选项将有助于保持稳定,甚至可以为你的代码设置密码,以阻碍用户查看代码的能力。
(1)保留当前数据库的模板
(3)隐藏窗口菜单下的数据库(隐藏/取消隐藏选项)
(2)转到工具,选项下,取消选中弹出窗口中隐藏的对象
希望您已经逐个右键单击表单,表格,查询,
并选择要检查的属性隐藏对象选项(这使得隐藏对象方法可以与上面的选项3自由交互
(4)取消选中启动时显示的任何内容,通过工具,启动
( 5)您将想要找出一种方法来撤消上述所有内容,以便您处理事情,因此请坚持下去当数据库加载有助于查看hiden对象等等时,请按下shit键
(6)在特殊键上添加密码,要求用户添加密码以启用某些特殊键(这里可能有一些关于如何做这部分的代码)...
希望这有助于你前进,但Dan ...请继续关注,如果需要,可以在这里找到链接以获得更多支持:-)
几乎忘了,你可以添加密码来隐藏你的VBA代码:
A-右键单击任何命令按钮
B-向下滚动到OnClick事件程序
C-在框中填充这三个小圆点
D-转到工具,YourDatabaseName日志属性
E-命中保护选项卡
F- Check Lock项目查看
G-添加密码
保存,这是正常的东西并解雇你的表格并尝试做AC
祝你好运项目,Dan,我几乎可以说我知道你是什么'感觉:-)
有点!
Hey Dan!
Sorry for your troubles, let''s see how we can begin pinning it down. Please do stay tuned for other options from our friends here. In fact, I may refer you to a link specific to disabling special keys, and so on, for which I am proud to admit this forum has helped stear it in the right direction.
First off I think you''re on the right track, your startup options will help keep it solid, you can even set up a password for your code to hinder user ability to see code.
(1) Keep a template of current database
(3) Hide your database under Window menu (Hide/Unhide option)
(2) Go under tools, options, uncheck hidden objects in the pop up
Hopefully you had already right-clicked on forms, tables, queries one by one,
and selecting properties to check hidden objects option(this enables hidden objects method to interact freely with Option 3 above
(4) uncheck anything showing in startup, via tools, Startup
(5) You will want to figure out a way to undo all of the above so you work with things, therefore holding down shit key as database loads aid in viewing your hiden objects and so on
(6) Add a password to your special keys to demand that user adds a password to enable certain special keys (There''s probably a code here on how on to do this part of it)...
Hope this helps get you going, nonetheless Dan...please stay tuned, and do find that link here for added support if needed:-)
Almost forgot, you can add a password to hide you VBA code:
A- right-click on any of your command buttons
B- scroll down to OnClick event procedure
C- fire those three little dots in box thingee
D- Go to tools, YourDatabaseName Log properties
E- Hit Protection tab
F- Check Lock project for viewing
G- Add a password
Save, that normal stuff and fire your forms and attempt to do A-C
Good luck with project, Dan, I can almost say I know what you''re feeling:-)
In a bit!
它可以将存储在该数据库中的数据导入另一个数据库和动作查询可以在困扰我的原始文件上完成!!
i可以很好地锁定数据库。
使用访问安全功能不符合我的需求(在用户功能方面)...
感谢Dan
its the fact that the data stored in that database can be imported into another database and action queries can be done on the original that bothers me!!
i can lock down the database quite well apart from that.
using the access security features dont suit my needs (in terms of user functionality)...
thanks Dan
管理层应该知道你的关注。
无论你怎么努力锁定Access数据库 - 有一个精明的用户可以做一些研究并找到方法。我是那些savy之一用户在某一点上。
有时最终用户需要的比他/她更多,并试图达到他们自己想要的东西。
有时,数据所有者不会放弃访问最终用户所需的数据,并提示最终用户尝试获取信息需要。
这里的会计部门要求提供报告,但不能访问他们的一些数据来使报告更容易。
如果有人需要更多信息或其他数据元素,请找出原因以及它是否是其业务流程的一部分。
Management should be made aware of your concerns.
No matter how hard you try to lock an Access Database down - there''s a savy user that can do some research and find a way in. I was one of those savy users at one point.
Sometimes the enduser needs more than he/she is given and tries to get to what they actually want on their own.
Sometimes the data owner will not give up access to the data the enduser needs and that prompts the enduser to try to get the info they need.
Accounting Department here is notorius for asking for reports but not giving access to some of their data sources to make reporting easier.
If someone needs more info or other data elements, find out why and if it is a part of their business process.
这篇关于偶然发现了一个大规模的安全问题...决议?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
