防止启用班次旁路 - Access 2010 [英] Prevent enabling of shift bypass - Access 2010
问题描述
我试图阻止数据库用户在 Access 2010 数据库的导航窗格中查看链接表.我隐藏了窗格并禁用了 F11 键.
I am trying to prevent database users from being able to view the linked tables in the navigation pane of an Access 2010 database. I have hidden the pane and disabled the F11 key.
我知道您可以禁用 SHIFT 键的功能,该功能允许您按照 这篇文章.
I am aware that you can disable the functionality of the SHIFT key that permits you to bypass the access start-up options as per this article.
我的问题是是否有可能阻止用户从数据库本身或远程通过另一个数据库重新启用 shift 键.如果这是不可能的,有没有人知道我可以用来防止用户查看导航窗格中的表格的下一个最佳方法(我知道访问不是最安全的数据库,但它是我们在办公室自动取款机中的全部)
My question is whether it is possible to prevent a user from re-enabling the shift key either from within the database itself or remotely via another database. If this is not possible does anyone know of the next best method I can use to prevent users viewing the tables in the navigation pane (I know access isn't the most secure database but it's all we have in the office atm)
谢谢
推荐答案
我在 Access 中的安全方法如下:
My approach to security in Access is the following:
使用复杂的密码加密主数据库.
Encrypt the main database using a complex password.
使用第二个数据库登录到这个加密的数据库.第二个数据库存储用户名、用户盐和主数据库密码的加密版本以及用户密码.这样,用户不需要拥有主密码.
Use a second database to log in to this encrypted database. The second database stores usernames, user salts, and an encrypted version of the main database password with the user password. This way, no user needs to have the main password.
然后编译第二个数据库,这样修改数据库和打印主加密密钥就比较困难了.
Then, compile the second database, so it's harder to modify the database and print the main encryption key.
缺点:
- 撤销对某个用户的访问权限只有在他没有登录数据库的备份(或者您必须在主数据库,迫使您为每个用户重新创建帐户).
- 我正在使用的加密是 RC4(wqw 在 VB 中实现作为答案找到here),这不是那么强
- 拥有有效密码的精通技术的用户可以反编译数据库并使用它来获取主数据库密码
- 如果您没有对数据库进行签名并强制对所有数据库进行签名,则有人可能会修改或替换它以削弱安全性
要详细介绍所有细节太多了,所以这里是我的实现.
To go through all the details is too much, so here is my implementation.
文件元数据:大小:672 KB,SHA1 哈希:19A6C756B8D5B0CDCEBE505B289062A1BBD94DEC
File metadata: size: 672 KB, SHA1 hash: 19A6C756B8D5B0CDCEBE505B289062A1BBD94DEC
快速手册:第一次运行时会提示主数据库密码、位置、第一个用户名和密码.之后,您就可以使用表格做任何您想做的事情.
Quick manual: on first run it prompts main database password, location, first user name and password. After that, you can just use the forms to do anything you want.
请注意,这是早期的工作,我没有深入思考 SQL 注入(我使用双引号转义并为此感到羞耻).然而,这对主数据库来说不是安全风险,它只会带来破坏性黑客攻击的可能性(并且对数据库文件具有写访问权限的人无论如何可能会破坏它).
Note that it's earlier work, and I haven't deeply thought about SQL injection (I use doublequote escaping and am ashamed for it). However, this isn't a security risk for the main database, it only opens up a possibility for a destructive hack (and someone with write access to the database file can probably destroy it anyway).
它没有被编译,菜单也没有隐藏,所以你可以很容易地检查和修改它.实现时,隐藏所有菜单并编译.
It's not compiled and menus aren't hidden, so you can easily inspect and modify it. When implementing it, hide all menus and compile it.
该数据库与所有 SO 内容一样,已获得 CC BY SA 3.0 许可
The database, as all SO content, is licensed CC BY SA 3.0
这篇关于防止启用班次旁路 - Access 2010的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
