Comments

# R said on October 19, 2005 11:40 PM:

"ACE will no longer support the JET concept of user level security for new file formats "

I'm guessing that ACE is the name of the new JET database format???

Since you are no longer supporting user-level security in "ACE," I presume that means that you are continuing to enhance the ADP concept to access SQL Server data? Could you please comment on that for us ADP/ SQL Server users? Will ADPs get the same enhancements as the MDBs?

# TC said on October 20, 2005 12:22 AM:

Gosh. It's hard to know what to say.

(1) The macro thing. IMHO, no experienced developer is going to start coding to macros, just so their database has minimal functionality in a locked-down mode. How many professionally designed, turnkey Access applications can work to any acceptable degree, without VBA? My bet is, a very small number. This is not a feature that I would have envisaged in a hundred years. I do not use macros now, and I do not plan to use them in the future, whatever changes have been made with them. This is not because "they are a subset of VAB", as you disengeniously state; it is because they do not have any proper control structures, error handling, or other things that properly-written code should have.

(2) The new trust model - will you still support the AutomationSecurty property? I use that to luanch my product from a script, bypassing all the security warnings, regardless of the PC's macro security level. It has worked fine for me, so far.

(3) User level security. Jet had one of the most sophisticated security models in any desktop database. It was only let down by some simple mistakes that could have been fixed quite easily. (I'm not guessing, I know exactly how it all works under the hood, and how it could be changed, but this is not the place for that discussion.) Instead, you seem to be saying that you have thrown the whole model out, completely! (when people use the new file format) Is that so? If so, what have you repaced it with?

I must say, this is not what I expected. I expected that you would address the actual problems that actual people actually have when they actually try to create a secured database! Most of those probems revolve around workgroup files, and their place in the process. Your post did not mention workgroup files. Are they still used? Do they work the same way?

I'm disappointed. Please lose sleep about that! :-)

# Michael Moulton said on October 20, 2005 12:37 PM:

I use one Macro... it actually just runs a VBA subroutine though. It's only there so I can easily run a subroutine that I don't keep a button for on the main form.

But could such a macro be marked safe?

# Joan Wild said on October 20, 2005 3:56 PM:

You’re doing away with ULS *entirely*? What a shame. I’ve never used it for security, but find it a useful tool for the custom navigation you speak of.

Now what will I do? Although Access 12 will allow customization in the NavPane, how will this be accomplished with multiple groups of users and the need to have a different NavPane for each?

# rltrapp1950 said on October 20, 2005 4:12 PM:

Erik,
I'm both concerned and puzzled. First you say, "ACE will no longer support the JET concept of user level security for new file formats..." Then you say, "Access 12 will both make the product more secure through things like the improved encryption and clearer user-level security..." My puzzle is whether you are eliminating User Level Security all together or not. My concern is that you are eliminating it.

One of the strengths of Access is that developers can create applications in a wide variety of ways. User Level Security has provided one of the tools that developers have at their disposal to allow users access to certain types of data while, at the same time, denying them access to other data. The Jet ULS model gives them that ability. If you eliminate it all together and a company chooses to NOT put their data in SQL Server and/or Share Point, then you have effectively removed this ability. That is NOT a good idea.

Microsoft had high hopes that the Access user community would move over to MSDE. That didn't happen. The hope that they will all mover over to SQL Server or Share Point may well suffer the same fate. If you remove Jet ULS altogether, then you leave developers with no way to provide the kind of rich user interfaces and access levels that they want and need.

I sure hope you will reconsider this choice.

Lynn Trapp
Access MVP

# Graham Wideman said on October 20, 2005 9:26 PM:

Erik: I have long thought that Jet ULS suffered from two problems:
1. It has an aspect of "pretty good but not 100% secure" coupled with "not well understood and applied by casual Access devs". But often the "pretty good" is good enough, and the "not 100% secure" is OK. Meanwhile, part of the reason for its misapplication is the historically weak docs, and the degree to which the UI frustrates attempts to get the full overview of current security settings.
I myself ended up developing a tool (available at grahamwideman.com) to reveal "at a glance" the current state of users, groups and permissions, mostly in order to learn how it *really* behaves... which is ultimately sensible but not at all transparent in the UI.

2. It's *highly* useful in a scenario that gets very little attention, and isn't "mainstream ULS" so to speak. Jet allows us to write standalone apps (with DAO) that to the user appear to have "document files" (actually mdbs which the app reads and write using SQL), and which can also be very usefully viewed/queried *RO* by the user in Access (ie: freedom to browse the data without worry of damaging it). While you can of course implement the permissions aspect of this in MSDE, it's a totally different file management model from the perspective on an end-user (of my apps).

Bottom line: I *hope* that whatever file-based DB engine we go forward with will continue to support the scenario just mentioned, with the ability to distinguish users and permissions and at the same time allow end-users to treat the files like any other doc files. If encryption is better, great, but much of the time I (and many clients) don't care. (And the cases where they *do* care often coincide with cases where a server solution is acceptable or desirable).

# TC said on October 20, 2005 10:12 PM:

Graham wrote:
> "pretty good but not 100% secure"

The really frustrating thing, is that two of the key deficiencies would be so easy to fix.

> The ability to reverse engineer the plaintext passwords from a workgroup file, is due to a simple error in how they encrypt the passwords. This could be fixed by reversing two parameters; ie. (probably) a 2-line change to the Jet source code.

> The ability to instantly decrypt an encrypted database, could be fixed by the simple expedient of deriving the RC4 key from the database password. There would be no change to the Jet file structure, at all.

Those two changes are so straightforward, IMHO, that I may even develop a product which does them!

# Keith Wilby said on October 21, 2005 4:10 AM:

If ULS is removed from Access then I would no longer have a use for the product at my place of work and everything I have developed so far would be migrated to Oracle. I don't have an option to use an SQL BE because to do so would be against our company's IT policy. In a nutshell, no ULS, no customer.

# JohnF said on October 21, 2005 9:55 AM:

I don't know if I missed someone else making this point, but JET stands for "Joint Engine Technology". Do I get points for knowing that?

I still use macros sometimes - they are quick to create and easy to read and maintain - but I wouldn't miss them if they were gone.

# Chris Mills said on October 21, 2005 5:54 PM:

ULS is pretty much a waste of time for security because we even have MVP's like Jeff Conrad and Tony Toews posting cracks.

However, it still has a use for marginal security and/or to differentiate users, which is a functional more than a security advantage.

Overall, I would vote that ULS be retained, and some improvement to the password cracking be made along the lines suggested by TC.

# TC said on October 22, 2005 12:26 AM:

Keith wrote:
> If ULS is removed from Access then ... everything I have
> developed so far would be migrated to Oracle. I don't
> have an option to use an SQL BE because to do so would be
> against our company's IT policy.

Not sure I understand that. Do you actually mean, an "SQL*Server" BE? If so, you could link to an Oracle BE just as easily as an SQL*Server one.

# Bill Holt said on October 22, 2005 9:56 AM:

Access works great as a frontend to SQL but it can be considerably enhanced. I, for one, am concerned about the lack of discussion (up to this point) regarding ADP enhancements. Perhaps you'll devote a little time to that subject in a future post. I regularly have discussions with myself about moving our development from Access to .net since SQL Server is our data storage choice. The ease of development and built-in user-friendly tools in Access keep me here but I would really like to hear that Access is continuing to develop as a better front-end app for SQL. Thanks.

# Al said on October 22, 2005 8:39 PM:

I totally agree with Bill Holt. ADPs are absolutely critical for Access/SQL Server users. We long ago left MDBs because of the trivial ease of cracking the security model, and to take advantage of OLE-DB. I don't really use MDBs much anymore, but I am very worried about the future of the ADP.

On another security note, the VBA code passwords are also a joke - it takes a millisecond to crack with freeware available on the Internet. Please give us secure VBA passwords, and VBA project encryption.

# Chris Mills said on October 22, 2005 9:23 PM:

TC - Oracle is a full system - it does not have to rely on Access or any other Front End, unlike SQL Server. I understood Keith to mean it may be worthwhile getting out of the scenario of unsecure front ends entirely.
Regards

# Ananda Sim said on October 24, 2005 12:12 AM:

Looks like from some of the responses here that there are several distinct streams that Access is being used for (the percentage of its use cannot and should not however, be gauged on the one vocal response as it cannot represent the large number of Access apps created by programmers and non programmers).

Access JET .mdb is a very mature technology. It is very understood by senior developers since it is at least 10 years old. I would expect not to "chuck it out" considering that there is a continuing revenue source from it's support. By "chuck it out" meaning to stop adding features to it or making new Access features inoperative if you select it. The ULS has always been problematical because it is onerous to administer but it has one facet - it allows us to simply differentiate users (user login) and differentiate between the developer vs the user (them and us) in terms of object permissions and design. Of course, third party could re-invent the whole thing if ULS disappears but breaking it does not make sense.

Access + SQL Server looks like gaining some ground - this despite the fact that Jet cannot insulate the event handling and the performance impacts. And that .ADP is such a weap wrapper over SQL-DMO and OLEDB. And that Access is not a three tier animal supporting business objects and class abstraction.

Access + Sharepoint which Eric assures us is growing waay fast - (as fast as the number of Access Team Members in Microsoft?). I may not doubt the growth rate, but I doubt the quantum compared to the previous two architectures.

So, where is Access headed? And will we get a better beast which can is multi-faceted or will we get an beast which is all features and no substance?

# Keith Wilby said on October 24, 2005 3:46 AM:

In reply to TC (I don't know how to quote text here!) what I meant was that I would have to get special dispensation to "upsize" an Access application to MS SQL Server. I take your point about using an Oracle BE and Access FE but sadly that would also incur the wrath of out IT providers.

# TC said on October 24, 2005 10:49 PM:

Ananda wrote:
> The ULS has always been problematical because it is
> onerous to administer

I've always thought that the UI to the security model was - how to put this - "suboptimal" :-) But those are all cosmetic problems IMHO. You could revamp the UI, and fix some of the common confusions surrounding workgroup files, without changing the underlying model at all, IMHO.

PS. Keith: you do the quoting "automanually"! :-)

# Ananda Sim said on October 27, 2005 7:50 PM:

TC wrote:
>I've always thought that the UI to the security model was - how to put this - "suboptimal"

Agreed generally.

The minimum one prefers for "navigation security" is somehow to restrict "them vs us" in terms of users vs developers/authors. Of course, we have to then set up individual Access logins (vs for example SQL Server model which can use the native Windows account that user is already authenticated against). Then we have to flag the Form but some project requirements need us to discriminate to the Control level.

If we want more than navigation security, then we have to flag the individual objects - Forms, Reports, Tables, Queries, etc... We handle more types of objects than SQL Server because Access is both UI and infrastructural objects.

So apart from the actual Security Management screens, Security is always an onerous job which is why Access with no security is IMHO great for many scenarios.

When we do want to employ security, we must decide whether we want minimal security (one mdb password to me isn't minimal security) for user authentication and navigation or comprehensive security - where we secure infrastructural objects as well.

# TC said on October 28, 2005 1:55 AM:

I'm surprised by all the emphasis on navigational security. I assumed that most developers used it for data security.

I guess we're all still waiting for an answer to the key question: does ADE still have, or NOT still have, user level security? Come on Erik, put us out of our misery on this. I suspect I can speak for the others in saying, we do not yet understand what's happened with ULS. Is it still there? Not still there? Replaced by something equivalent? Replaced by something totally different?

# Mike Alexander said on October 28, 2005 8:56 PM:

What's the point of this blog if you're not going to update it!

# R said on October 29, 2005 8:19 PM:

http://blogs.msdn.com/andrewrmiller

Andrew Miller also had a blog (above link) that he stopped updating. I'm guessing that Access is still to early in the alpha/beta cycle, that they are afraid to comment. Perhaps they are concerned that the features they discussed won't make it to the final version.

# TC said on October 29, 2005 9:33 PM:

But they /have/ commented. Unfortunately their comments are contradictory (in some areas), and they don't seem keen to clarify :-(

# Francis Taivavashe said on February 3, 2006 2:31 AM:

We need more information from Microsoft Access Team about the following:

1. What will be the default language for new JET in Acces 12? Is it DAO or ADO? Which one are they vigorously persuing?

2. ADP, is it going to continue to use ADO or ADO.NET? ADP has been good product for me. I wish if it could be fined tune so that it could fully take advantage of SQL 2005 Express.

3. What is this animal called SharePoint Services?

# StepUP said on February 9, 2006 9:56 AM:

Is this topic still active? I would still like further clarification on security issues.

Thanks,

John F

# Alan Cossey said on February 27, 2006 4:14 AM:

John F,
It doesn't look like this topic is still active either on the blog (since there has been no reply to your post from 18 days ago) or, worse, in the minds of the Access developers. This topic concerns me deeply and no-one from Microsoft seems to be taking any notice of the concerns raised here. The new functionality in the product looks really good, but what on earth are Microsoft doing with the security for ACE/Jet? All we have got is a mention about new navigation procedures, which is not about real security as far as I can tell, and the assurance that what security there was is going to be removed. I thought Microsoft was meant to be beefing up its security, not taking it away.
If you look at Erik's list of things he intends to post about, security is not on the list unless it is to be covered in "Access' limits", which sounds scarey.

Come on, Microsoft, why the deafening silence?

Alan Cossey

# Rob said on March 6, 2006 4:46 PM:

I just saw on www.vb123.com that they have indeed done a number on the ULS for the next rev of Access.  I too, am very annoyed at this.  I work in an environment where we don't worry about 'crackers' etc (our users are 'trustworthy').  However, ULS allows us to protect our users from themselves with Read-only groups, read-write groups, and developers and allows us to have audit trails based on currentuser.
I am eagerly (anxiously) awaiting the details on what is going to happen in this area.

# Di Cook said on March 10, 2006 12:17 AM:

Please don't get rid of ULS.  I have many applications where the log on is used to offer read only or more advanced options, indeed we use the user log on to allow all sorts of permissions.  I know there are cracks out there but these are not usually known to office users and our system works well.

# Roy Thompson said on March 16, 2006 8:14 PM:

I haven't seen any mention of how MS-Word interfaces (and doesn't interfaces so) well with Access.  I have heard rumor of putting the Word documents INSIDE the database. That would be an improvement as the pointers get lost, oh so very easily. Try just doing a backup/restore of a directory where all the Word documents and database are housed. Bye, bye pointers. Forces putting the documents inside, but the interface and features are few.

And I'd have to agree, take away ULS and you really are going down the Ford Mustang design road, where after 1969, it just got fatter, uglier and more difficult to handle. At some point, you'll have a lot of users driving the old model and having their own annual rallies to share experiences.

# Darryl said on March 20, 2006 2:49 PM:

What!?  No .NET yet? Doesn't sound like you're really "betting the company."

No database logins with ULS? Maybe I can finally convince the powers-that-be to remain with Access 2000.

# Renato said on May 17, 2006 10:37 AM:

I know that Access 2007 security is different.
But I need to open an Access 2003 secured database (with workgroup, users, etc) in Access 2007 to test it. Where is the workgroup administrator to attach the database to the .mdw?
I receive the well known msg : "You don't have the necessary permission to..."
I'm supposed to unsecure it, open it in Access 2007 in a trusted place?

# gay rape said on June 2, 2006 6:58 PM:

We are wellocme to it's configuration.

# rape movies said on June 30, 2006 1:37 AM:

Asaspal. Memrano tu es besta. Amigo.

# rape videos said on July 5, 2006 6:13 AM:

Your article is quite right, thanks.

# Alan Cossey said on September 14, 2006 3:33 AM:

Hi folks,
A couple of us (Brent Spaulding and I, Alan Cossey) have been trying to find a way of generating an equivalent of the old User Level Security (ULS) with the new Access 2007 file format. We've come up with a framework that we think is worthwhile. We've called it Virtual Password Protected Connection (vPPC) and it works by

1) Using a back end with database password and encryption.
2) Opening a connection to the data from the front end using code (which includes the back end password).
3) Opening up our form or report in the front end. Because there is a connection already open to the back end, it is not necessary to provide the back end database password again).
4) At a suitable point, closing the connection opened in 2).

We have two levels, which we have called vPPC Standard and vPPC Enhanced. I have written up vPPC Enhanced at www.pdtltd.co.uk/pdtl/Access2007/Access 2007 vPPC.pdf, though it is still a work in progress. The document gives links to some sample files in both Access 2007 and 2003 format. vPPC Enhanced gives, we believe, the better security because it moves the queries and linked tables out of the front end (out of harm's way) into a database-password-and-encryption-protected mid-tier database and bases the forms and reports on those queries and/or tables in the mid-tier, but still without needing any database password. The effect, if the connection is a Private connection, is that the user cannot open forms or reports in the front end using the Navigation Pane. Thus the developer is in control.

So far it has been just Brent and yours truly trying it out. That is not sufficient to determine whether this is going to really be a useful concept, so we would be most appreciative if some other people were to give it a go and let us know how they get on. If there are any major weaknesses, we need to know before we go relying on it big time.

Note that vPPC Enhanced is designed to:
1) Stop users from accessing tables and queries directly.
2) Only open forms and reports that the developer decides they can open.

At present, this is not fully a replacement for ULS on its own; it requires a further mechanism to allow the developer to distinguish between users. Since this could be done using any number of different mechanisms, e.g. based on the users' Windows ID's or by getting them to log in in some manner, we have kept that bit out of the write up and demos in the hope of keeping things as simple as possible.

# myname said on October 5, 2006 8:57 AM:

hello makakas http://blogs.msdn.com/access/archive/2005/10/19/482845.aspx

# Crad said on January 31, 2007 12:30 AM:

Hello makakas!!!

<a href= So many spammers here :(

></a>  [url=So many spammers here :(

][/url]  

New Comments to this post are disabled