This question is in reference with the question -
How To Protect Database Files From Copying In Windows
I have stored the database in a computer not connected through internet and provided to the user. The database is used by an application which i have written.
The user who logs in to computer is an adminstrator level user in Windows OS .So he can read/write copy files without any restrictions.
The user accesses database thorugh an application with a fixed password known by the application.
As i have confidential information in the database which i do not want the user to access, i would like to restrict the computer owners access to database.
The user can still copy database files and view database in another system with out knowing mysql password.
I have tried to encrypt Drive using Bit Locker software but as soon as i copy the file in other hard drive/USB media i can see it in plaintext on USB media.
Are there any tools available to prevent users from copying the database files while still allowing applications to access or write data to database.
Related
I just started on a new Electron project that needs to access a database, e.g. SQLite. The database will be on a shared drive that should be accessed by the Electron app.
To do that, I need to provide the path as well as the password for the database to the Electron app. Since it's desktop application, I deliver the whole application incl. the database credentials to the user.
From my point of view, this is not a good approach from a security perpective.
So the question is, where do I store these details, especially the credentials?
The same issue applies if I use e.g. another database like MySQL. There, I also need to store the host and the credentials.
I have a Microsoft Access application (accdb) hosted on a server that all users remote into. I'm using the code from Microsoft to list users. The problem is that the LOGIN_NAME for all the users is Admin Pic of list of users all named Admin.
Is there a setting on the server I can change that uses the Login ID of each user instead of Admin?
That code refers to the workgroup security of the JET engine, which was abandoned in Access 2010 and still is.
You will have to obtain the logon name of the session. The extremely simple method in VBA is:
Username = Environ("username")
You can also use an API call for this.
You should know also that an Access application must be split into 2 files (front & back) for simultaneous multi user deployment. Each user must be assigned their own unique front file. All front files link to the single back file that holds the tables. No one directly uses the back file.
If you have sufficient privileges to open an Administrative Command Prompt on the remote server, I suggest the OpenFiles command. You could also look at the SysInternals PsFile command. Both should tell you the real usernames of all users attached to an Access database file.
I have created quite a large Access 2016 db. It is now ready to share with the business and needs to be put onto SharePoint. I've tried just uploading the file to a SharePoint document library, however users cannot edit the database (there is a lot of VBA code that runs SQL commands that write data input by users into the database).
Is there a way to share the database that allows users to open it from SharePoint and let the VBA write to the database/tables?
That is not possible as SharePoint isn't an SMB fileshare, neither is OneDrive, DropBox, etc.
The SMB fileshare is offered by a Windows Server or a Linux box with Samba installed.
With Access 2007 Microsoft stopped security on userlevel. Does anyone know a possibility to give user permissions?
Only trusted user have access to my database. Nevertheless, there are too many and they WILL accidentally damage the data structure, like deleting or more 'evil' editing a primary key of the main table, or something similar.
(I do not need any safety against hacking)
The problem is, I can't simply run a SQL Server. The users are in a private network, the file is on a secure private network drive, and they do not have administrative rights on their computers to install additional software, so the solution has to be done with windows and access 2010+.
Access 2007 and later still support user-level security for databases in the older MDB format. If your application doesn't require features only available in the newer ACCDB formats, you can use a shared MDB for data storage and the users could each have their own copy of a front-end db which links to the shared MDB tables.
If that is not satisfactory, "compile" your ACCDB to an ACCDE version and then rename the ACCDE to ACCDR. The ACCDR can then only be opened in runtime mode, which restricts the operations available to your users. Basically you can allow them to interact with the database only with forms you provide --- so you can control what they can do.
I have a VB6 application that works fine on most Windows 7 machines (even with UAC turned on), but for some of them if the program is not set to 'Run as administrator' upon startup it will return the error message 'No value given for one or more required parameters' when it tries to query the database.
I know the error message usually means that the table name(s) and/or parameter(s) are spelled incorrectly. But that is not the case here since the same application doing the same proceedures/query calls has no issues on Win XP and some Win 7 machines.
The database is MS Access 2003 format. The database is located in the Program Files directory along with the application exe and dlls.
If this was a consistant error then I could easily debug it and move on, but since all my testing machines do not generate this error, I am at a loss.
Any ideas as to why this occurs and how to fix it?
Thanks,
Chris
Storing database file in Program Files is not a good idea because this location is protected and standard users, and administrators in UAC-enabled system, cannot write to it. You should store the database either in AppData in user's profile or ProgramData if it needs to be shared between all users.
Since standard users cannot write to Program Files, Vista/7 have Virtualization mechanism. If a program without write access to Program Files tries to write there, the file system redirects the request to user's profile. The virtualized Program Files directory is located in C:\Users\<account>\AppData\Local\VirtualStore. I think you see this error because of virtualization: the database may exist in both locations the real Program Files and the virtualized one, and the files can be different. The virtualized version could not have the required records, that's why you get the error message.
When you start your application as Administrator, Virtualization is disabled and you access the file located in Program Files.
So check if the database file exists in VirtualStore, and try to find the differences between it and the file stored in Program Files.