My question is as follows. When I recieve a usage fee for an application I developed in Access 2007 I send out the application to my client, but how do I make sure that the client won't simply copy the database and redistribute it. Thus letting the client's client avoid the usage fee for the application.
I have put a 128-bit encryption on the application to secure the data in the tables and also converted it from a .Accdb to .Accde to secure the forms, reports, query's and VBA.
Also, I let them sign a legal document in which it states that the application cannot be redistributed unless authorized by me, but of course I'd rather they couldn't even if they tried.
What are my options here? I thought about linking a license code (handmade by me) to a certain MAC-Address that I can retrieve with VBA. And only making the database usable in case they match. But would this even work and is it easy to bypass?
Any help would be greatly appreciated,
thanks in advance for any suggestions/replies.
Edit: Thanks Dork Programmer for your reply.
In the end I chose to go for the drive volume number to give access to the application. I am aware that this changes when the disk is formatted and there is a slight possibility that it is not unique, however I believe this will have to do as I am unable to retrieve the manufactures hard drive serial number (which would be unique)
In conclusion; the client wil give me their drive vol number, I then add this to a table that holds these numbers. I then apply all my security measures and send the client the app. When the application opens the app will only be usable if a match is found between the clients disk vol number and the values in the table, else it will close the app. Should a client decide to format his/her disk or remove it they could then contact me and I'd add the new number to the approved numbers table and send them the app back.
I just sharing what I did on my ms-access application
First, I create some form with the VBA code inside to enter the unique code
Then I create some Hidden table to store the unique code and also to store the IP address/Computer name that database located.
Based on my experience, this method is quite enough effective to avoid user copying the database or moving it to another computer.
Related
Intent: I would like to distribute forms to User X, User Y and User Z. These forms would be pre-populated with existing data on their ongoing projects. Meaning for User X, he will only be able to see his own details etc. They are to validate the information, and make changes to the data if necessary.
I tried finding the best way to go about executing this and landed on MS Access (if there's something else, please do share).
So I have a database, created my forms but how do I go about sharing only the forms to my users and updating my database. Resources I have include:
SharePoint Online (may or may not have access to it...)
Outlook
Desktop Access
I am open to various scenarios involving direct updating through SharePoint, or even manually updating the forms received through them via email if it is possible.
My most important consideration is data security. User X should not be able to see the details of other users. User-level security from older versions of Access could probably do that but its no longer in the newer version and a check online suggests it isn't the most secure option.
Any help would be much appreciated.
You do not include any information on what kind of data your "forms" includes why you collect the data and what do you want to do with it. At the very least if data from multiple users needs to be combined for any sort of overall reporting.
If the most important consideration is limiting each user to a sub-set of the data then I don't see how you decided MS Access is your best option. Any security on an Access file is easily bypassed. On top of that unless each of your users has their own set of tables you cannot set up any kind of security that isolates their individual information.
To completely isolate user information you have three options:
Use a separate database for each. Then, if you need to, link them all
into a master database in the back end.
Use an isolated front end. You cannot use an Access front end as that
will have to link to the tables; you have to use a separate
interface, either a web type interface or a Windows application that
the user has to log on and has no access to any data other than what
the software is displaying.
Use import/export files. Have access export each user's info to an
Excel sheet or other convenient data file. Let them make their
changes and return the files to you, then import them back into your
database.
I'm creating an application for work in which I need to be able to disable the app if I leave the company. I'll maintain ownership and this agreement to cancel upon my departure is agreed upon in our contract.
Since these apps will be used by other people, I need to perform a "check" upon launching as to whether access is still granted or not.
I know that MySQL would be perfect for this by simply storing a 0 or 1 in a TINYINT table, but I don't want to use MySQL for this small task since I'd have to use free hosting which has proven hard in finding reliable hosts with remote access enabled.
Ideally I'd like a website that offers a personalized URL like http://randomURL.com/X38DAKNLD828ND that I could store a simple piece of text like "Enabled" or "Disabled".
There must be some simple way to store such a small piece of data?
Just try parse.com
If you're writing a small/simple app (or a throwaway prototype) with little to no logic on the backend then go for it, but for something larger/scalable it's best to avoid it, I can say that from first hand experience
Good morning,
I'm doing a project, the customer prefers to use Access 2013 as the all in one package - front end, database etc.
In short the customer will give their users a blank copy of the database, which is taken on site and used to generate data based on calibration of equipment for that site.
The problem is the customer doesn't want anyone being able to copy the access database and use it themselves. So basically when on site he doesn't want the customer or anyone to go "oh that database is hand, give me a copy and I'll use it for myself".
I know I can compile the database but that will only protect the source.
Any suggestions on the best way to limit the use of the database?
It's been a few years and I may be foggy on parts of this, but I know you can get around password protected databases, and can bypass the 'startup' form/code so that you can open the database and view all the objects. You are correct that an MDE will not show the code. But if you have a table of valid serial numbers or MAC Id's, then I would have a module that encrypts the data in that table. Otherwise someone could add their values and still run the program? We also did some devious things like create an install package that would create some hidden file in some existing folder (with a calculated value as content), then if Access didn't find that file & content it would not run.
My company has an existing framework for online medical data entry. We are now working with some doctors in China who are interested in using this framework, however they have some concerns.
On the technical side, the online data entry forms are written in Racket and saved into a MySQL database on a server in Europe after entry. Their concerns are that in some hospitals, Internet connection might be unstable and thus doctors might lose data that was just entered into a form.
So the question is, is there some possibility to somehow buffer the data offline on the respective doctor's workstation before attempting a save to the MySQL database, in order to reduce the risk of data loss. My first instinct was to answer no, because whatever measures the application might take, it's still a web application, so when the Internet connection breaks, there won't be any possibility on the application side to save the data.
Am I right with my guess or might there be a way of accomplishing this? Another idea was creating a completely new application used for data entry and just send the data to the database when data entry is complete; this is however not feasible for the scope of this project.
Thanks in advance!
You can create a local MySQL database, make all the data from the forms be inserted into this database an then when you're sure you have internet connection you export this data to the remote MySQL database, from a different GUI preferably.
Take a look at this page http://dev.mysql.com/doc/refman/5.1/en/mysqldump.html and check if it helps.
Backstory
I work for a company that has an online site that allows user to text personal information for collection. We collect the data, and make it available online. Users can choose to share the data with other users.
Going Forward
At some point, this may become classified an FDA-governed medical tool. In anticipation, we'd like to have in place a logging system that shows each time someone accesses our users' data, whether it be the user themselves, another authorized user, or a support person.
Current Architecture
We are currently running Ruby/Rails, and using a MySQL database. The personal information is encrypted in the database.
Data Access for Support
Today, support personnel can access data one of three ways:
admin site The admin site is limited to whatever screens we develop. While we don't currently, we could easily add logging to keep an audit trail of who accessed which data using the admin tool.
sql client I use MySQLWorkbench to access production. However, when connected this way, all personal information (user name, cell number, etc), is encrypted.
Ruby Rails console - Finally, support can log into one of the production boxes and use the Ruby/Rails console from command line. Ruby will decrypt the data, so we can do some simple things such as
u=User.find_all_by_state('active')
and it will return the recordset of all users with state='active', and decrypt their personal information in the resultset.
Holy Grail
logging
easy access for support
I'd love to be have a way to allow easy support access (once authenticated) to the data, but would log everything that is accessed (read or updated). That way, if I'm checking out my buddy's ex-wife's data for example, it gets logged to a place where I can't get in and clean it the audit trail. (See Google firing Gmail employee for an example of employees breaching the data policies).
Anyone have ideas, thoughts, experiences, suggestions with this issue?
hey devguy. This was a issue for me a couple months back. We ended up centralizing our mysql queires so that we could start to track all information coming in and out. Unfortunately the class I wrote is in PHP but the idea behind it could make it very easy to start logging.
https://code.google.com/p/php-centralized-mysql-controller/
Try stored procedures. Make all code use the stored procedures for CRUD activities. This defines an API that your developers can use while business rules are global enforced (don't return entire SSN values, but only last 4 digits, etc).
This serves as the basis for an external API as well.
If you want logging/auditing, you put it in the procedure.
This protects you from everyone except the DBAs.