Transcript DBMS – SECURITY ISSUES

Securing a Database
1. Understanding database security
2. Protecting the Database File
3. Protecting Code
4. Using User level Security
5. Working with workgroups
6. Working with Accounts
7. Working with Permissions
8. Converting a secured databases
9. Start Up Forms
10.Main Switchboards
DBMS – SECURITY ISSUES
Security of information: Why, What, How, and When.
•Confidentiality
•Privacy
•Accuracy
•Reduce the chance for errors
•Level of access / privilege
•Unauthorized access
•Control Updates
•Sharing of Databases
Sharing of Databases
No Locking:
Starting Balance $400
Tranx 1
$300
Tranx 2
$200
Closing Balance
-$100
With Locking:
Overdrawn
Starting balance: $400
Tranx 1
$300 locked
Balance
$100 unlocked
Tranx 2
$200 insuf. fund
Closing balance $100
Protecting a Database File
Securing a Microsoft Access database file
• The simplest method of protection is to set a password
for opening a Microsoft Access database (.mdb).
• Only users who type the correct password will be
allowed to open the database.
• Once a database is open, all its objects are available to
the user (unless other types of security have already
been defined)
Caution: Do not use a database password if you will be
replicating a database. Replicated databases can't be
synchronized if database passwords are defined.
If passwords is forgotten, Database can not be opened.
Protect a database by adding a database password
Caution
•
If you lose or forget your password, it can't be recovered, and you won't be
able to open your database.
Do not use a database password if you will be replicating a database.
Replicated databases can't be synchronized if database passwords are
defined.
Notes
•
A database password is stored with the database and not with the workgroup
information file.
You can't set a database password if user-level security has been defined for
your database and you don't have Administer permission for the database.
Also, a database password is defined in addition to user-level security. If
user-level security has been defined, any restrictions based on user-level
security permissions remain in effect.
If a table from a password-protected database is linked, the password is
cached (saved) in the database it is linked to when the link is established.
This may have unforeseen consequences. For more information, click .
Protect a database by adding a database password
1.
Close the database. If the database is shared on a network, make sure all
other users have closed the database.
2.
Make a backup copy of the database, and store it in a secure place.
3.
On the File menu, click Open.
4.
Click the arrow to the right of the Open button, and then click Open
Exclusive.
5.
On the Tools menu, point to Security, and then click Set Database
Password.
6.
In the Password box, type your password. Passwords are case-sensitive.
7.
In the Verify box, confirm your password by typing the password again, and
then click OK. The password is now set. The next time you or any other user
opens the database, a dialog box will be displayed that requests a password.
Remove a database password
On the File menu, click Open.
1.
Click the arrow to the right of the Open button, click Open Exclusive, and
then open the database.
2.
In the Password Required dialog box, type the database password, and
then click OK. Passwords are case-sensitive.
3.
On the Tools menu, point to Security, and then click Unset Database
Password. This command is only available if a database password was set
previously.
4.
In the Unset Database Password dialog box, type your current password.
5.
Click OK.
Hide objects in the Database window – Protecting Code:
1.
In the Database window, click the object you want to hide.
2.
Click Properties on the toolbar.
3.
Click Hidden, and then click OK.
Notes
•
•
To show all hidden objects, click Options on the Tools menu,
click the View tab, and then select the Hidden Objects check
box. The icons for hidden objects will be displayed with a
dimmed outline. You can then repeat the steps, but in step 3 clear
Hidden, to unhide the objects.
In a Microsoft Access project, you cannot hide tables, views,
database diagrams, or stored procedures.
Security Account Passwords
The second kind of password is called a "security account password"
and is only used when user-level security has been defined for a
workgroup. A security account password is created to make sure
that no other user can log on using that user name.
• The Admin user account (to activate the Logon dialog box).
The user account that owns the database and its tables, queries,
forms, reports, and macros.
Any user accounts that you add to the Admins group.
In addition, you might want to add passwords to the accounts you
create for users, or instruct users to add their own passwords.
Users can create or change their own user account passwords;
however, only an administrator account can clear a password if a
user forgets the password.
How to organize security accounts
A Microsoft Access workgroup information file contains the following predefined
accounts.
Account - Admin
The default user account. This account is exactly the same for every copy of
Microsoft Access and other applications that can use the Microsoft Jet database
engine, such as Microsoft Visual Basic for Applications and Microsoft Excel.
Account - Admins
The administrator's group account. This account is unique to each workgroup
information file. By default, the Admin user is in the Admins group. There must
be at least one user in the Admins group at all times.
Account - Users
The group account comprising all user accounts. Microsoft Access automatically
adds user accounts to the Users group when a member of the Admins group
creates them. This account is the same for any workgroup information file, but it
contains only user accounts created by members of the Admins group of that
workgroup. By default, this account has full permissions on all newly-created
objects. The only way to remove a user account from the Users group is for a
member of the Admins group to delete that user.
Secure a database using the User-Level Security Wizard
By using the User-Level Security Wizard, you can apply user-level security
with a commonly-used security scheme and encrypt your Microsoft
Access database.
1.
Open the database that you want to secure.
2.
•
On the Tools menu, click Security, and then click User-Level
Security Wizard.
Follow the directions in the wizard dialog boxes.
Notes
The User-Level Security Wizard creates a back-up copy of the
current Access database with the same name and a .bak extension,
and then secures the selected objects in the current database.
User-level security
When using user-level security in a Microsoft Access database, a database administrator or an
object's owner can grant specific permissions to individual users and groups of users on
the following objects: tables, queries, forms, reports, and macros. Data access pages and
modules are not protected by user-level security.
Workgroup
A group of users in a multiuser environment who share data and the same workgroup
information file.
Admin account
The default user account. When you install Microsoft Access, the Setup program
automatically includes the Admin user account in the workgroup information file it
creates. The Admin account is the same for every copy of Microsoft Access and for other
applications, such as Microsoft Visual Basic, that use the Microsoft Jet database engine.
By default, Microsoft Access automatically logs you on at startup using this account and
gives you full permissions to database objects.
Admins group
The system administrator's group account that retains full permissions on all databases used
by a workgroup. The Setup program automatically adds the default Admin user account to
the Admins group. There must be at least one user in the Admins group at all times.
Control how an Access database or Access project looks and behaves
when it starts
You can specify, for example, what form to display, whether toolbars can be
customized, and whether shortcut menus are available.
1.
On the Tools menu, click Startup.
2.
Select the options, or enter the settings you want to use.
Notes
•
For information about a specific item in the dialog box, click the
question mark at the top of the dialog box, and then click the item.
•
For a list of issues to consider when setting options in the Startup
dialog box, click .
For additional information about creating an application, click
Create, customize, and delete a switchboard form
You create, customize, and delete a switchboard by using the Switchboard Manager.
Create a switchboard
1.
Open the database.
2.
On the Tools menu, point to Database Utilities, and then click Switchboard Manager.
3.
If Microsoft Access asks if you'd like to create a switchboard, click Yes.
4.
Click New.
5.
Type the name of the new switchboard, and then click OK.
Microsoft Access adds the switchboard to the Switchboard Pages box.
6.
Click the new switchboard, and then click Edit.
7.
Click New.
8.
Type the text for the first switchboard item in the Text box, and then click a command in the
Command box. For example, type View Recording Artists, and then click Open Form In
Edit Mode in the Command box.
Note: To create a switchboard that branches to other switchboards, click the Go To
Switchboard command in the Command box, and then specify the switchboard you want to
go to.
9.
Depending on which command you click, Microsoft Access displays another box below the
Command box. Click an item in this box, if necessary. For example, if you clicked Open
Form In Edit Mode in step 8, click the name of the form you want to open in the Form box,
such as Recording Artists, and then click OK.
10.
Repeat steps 7 through 9 until you've added all the items to the switchboard.
Note: To edit or delete an item, click the item in the Items On This Switchboard box, and
then click Edit or Delete. If you want to rearrange items, click the item in the box, and then
click Move Up or Move Down.
11.
When you've finished creating the switchboard, click Close.
• Notes
• To make a switchboard open when you
open the database, click the switchboard
name in the Switchboard Manager dialog
box, and then click Make Default.
• When you create a switchboard with the
Switchboard Manager, Microsoft Access
creates a Switchboard Items table that
describes what the buttons on the form
display and do. If you make changes to the
Switchboard form later in form Design
view, the application may no longer work.
Database Recovery
• Backups – Off site, full system,
incremental, part
• Log Files
• Recovering from hardware or software
failure and sudden power cut
• Recovering the database with a transaction
that was half way thru
• Preventive methods - UPS
Back up a database
1.
Close the database. If you are in a multiuser environment, confirm that all users have
closed the database.
2.
Using the Windows Explorer, My Computer, Microsoft Backup, the MS-DOS copy
command, or other backup software, copy the database file (an .mdb file) to a backup
medium of your choice.
Notes
•
If you are backing up to a floppy disk and your database file exceeds the size of the
disk, you cannot use Windows Explorer or My Computer to back up your database;
you must use Microsoft Backup or backup software so that you can copy the file over
more than one disk.
•
You should also create a backup of the workgroup information file. If this file is lost
or damaged, you won't be able to start Microsoft Access until you restore or rebuild it.
•
You can back up individual database objects by creating a blank database and then
importing the objects you want from the original database.
Repairing an Access database
In most cases, Microsoft Access detects that an Access database is
damaged when you try to open it and gives you the option to compact
it at that time. In some situations, Microsoft Access may not detect that
an Access database is damaged. If an Access database behaves
unpredictably, compact it.
Compacting a previous-version Access database won't convert it to Access
2000 format. Learn more about converting a previous-version Access
database.
If you are compacting a multiuser (shared) database that is located on a
server or shared folder, make sure that no one else has it open. You
must have Open/Run and Open Exclusive permissions for an Access
database in order to compact it. Learn more about assigning
permissions.
• Powerful Tool to Repair Corrupt Access
Database
• SysTools Access Recovery is the most popular
advanced access database repair tool to repair
corrupt MS Access database. SysTools Access
Recovery supports to repair Access database of
MS Office 97/2000/XP/2003. Software is a secure
& easy access database recovery utility designed
to repair corrupt Access database (.mdb files).
• SysTools Access Recovery recovers objects like
tables, queries, relationships and repairs password
protected MS Access or mdb files.