Why is Operating System Security Important for My Database?

Overview for the DBA and the Developer

This is one chapter in the book where the DBA may feel more comfortable than the developer when it comes to Access security. In this chapter, I will demonstrate all the steps necessary to establish appropriate operating system security for your database:

• To establish folder permissions to restrict who uses your database.

• To establish folder permissions so that users who have permission to use the database will find it very hard to copy either your database(s) or workgroup files as complete files. These instructions will also make it hard for users to locate the database so that they can export objects and data into another database.

• To use the same folder permissions to make it very hard for password-cracking software to analyze the workgroup files and deduce the user names and passwords in those files. Because users will also find it difficult to copy these files, this technique greatly reduces the problems posed by this software.

The purpose of these demonstrations is to help you undertake proof-of-concepts testing before you demonstrate the ideas to a system administrator. If you just happen to be that system administrator, you should find that the information readily adapts to your Windows server environment. If you are an Access developer who works from home or on a small peer-to-peer network, you can actually undertake this testing on your computers and then incorporate this knowledge into your portfolio of skills. In the end, these operating system strategies will greatly improve the level of your database security.

Overview for the IT Manager

When it comes to protecting important Access databases with the operating system, the question is more one of why shouldn't we be doing this rather than why should we. In the section "Proof-of-Concept Operating System Security," you will see how to set up permissions for a folder so that only members of an operating systems permission group (called Access Editors in this chapter) will be able to open the database or any other file in that folder. If you really want to protect your database with the operating system, the section "The Access Protected Folder Strategy" will show you how to stop users from listing contents of the database folders and, subsequently, copying their contents.

If your system administrator sets up these permissions for a database folder, any new users of your computer systems (or domain for bigger sites) will have to be added to the Access Editors group as part of an additional step. If I were the IT manager, I would rather worry about giving additional permissions to a user rather than lose sleep worrying about whether that user had found and opened an important Access database.

For both of these approaches, you will find a discussion, "Testing the Permissions," toward the end of each section that will show you what happens when this security is set up.

Wrap up for all Readers

Because this is the final chapter in this book, I will address a number of other related issues that you should be aware of. Having an understanding of what these issues are will allow you to promote a more secure environment for the database that you are trying to protect. These discussions include

• The security implication of installing front-end databases on client computers' local drives .

• Why you cannot set permissions on individual database files.

• An overview of why NTFS (new technology file system) hard drive partitions are important.

• Why you might consider screen saver passwords.

• An overview on how to set up Windows XP clients properly.

• A comparison of the differences between Windows XP Home and Windows XP Professional operating systems.

• A checklist of other security-related issues that you need to be concerned about.