Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 62 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
62
Dung lượng
1,76 MB
Nội dung
553Chapter 22 ✦ Adding Security to Access Applications Encryption is performed in addition to securing a database. A secure database is one that is secured using users, groups, and permissions. Simply encrypting a database does nothing to secure the database for general Access users. Decrypting a Database You can decrypt a previously encrypted database. To decrypt a database, simply follow these steps (which are similar to the encrypting process): 1. Start Access but do not open a database. Select Tools_Securi ty_Encrypt/Decrypt Database. 2. Select the database to decrypt from the Encrypt/Decrypt dialog box. 3. Provide a name for the new decrypted database. Protecting Visual Basic Code Although setting user-level security allows you to restrict access to tables, forms, and reports in your database, it does not prevent access to the Visual Basic code stored in modules. You control access to the Visual Basic code in your application by creating a password for the Visual Basic project that you want to protect. When you set a database password for a project, users are prompted to enter the password each time they attempt to view the Visual Basic code in the database. A Visual Basic project refers to the set of standard and class modules (the code behind forms and reports) that are part of your Access database (.mdb) or Access project (.adp). 1. Open any standard module in the database. For this example, open the basSalesFunctions modules in Chap34Start.mdb. When you open the basSalesFunctions module, the Visual Basic Editor displays. 2. In the Visual Basic Editor, select Tools_Access Auto Auctions Properties. The Access Auto Auctions — Project Properties dialog box displays. 3. Select the Protection tab in the Project Properties dialog box. Check the option labeled “Lock project for viewing.” 4. In the Password field, type the password that you want to use to secure the project (see Figure 22-31). For this example, use the password bible. Access does not display the password; rather, it shows an asterisk ( * ) for each letter. Note Note 554 Part III ✦ Beyond Mastery: Initiative Within Office Figure 22-31: Creating a project password restricts users from viewing the application’s Visual Basic code. 5. In the Confirm Password field, type the password again. This security measure ensures that you don’t mistype the password (because you can’t see the characters that you type) and mistakenly prevent everyone, including you, from accessing the database. 6. Click OK to save the password. After you save and close the project, any user who attempts to view the application’s Visual Basic code must enter the password. Access prompts for the project password only once per session. A more secure method of securing your application’s code, forms, and reports is to distribute your database as an .MDE file. When you save your database as an .MDE file, Access compiles all code modules (including form modules), removes all editable source code, and compacts the database. The new .MDE file contains no source code but continues to work because it contains a compiled copy of all of your code. Not only is this a great way to secure your source code, it also enables you to distribute databases that are smaller (because they contain no source code) and always keep their modules in a compiled state. Preventing Virus Infections Implementing a good user-level security scheme will protect your database from unauthorized access to the information or objects in your database. User-level security does not, however, protect the physical database file from malicious macro virus attacks. You probably have had experience at some point with a virus attack on your computer. Or most likely, you know someone who has. It goes without saying that it is imperative to install and run a virus scanning utility on your workstation. Even though you may be religious about keeping your virus scanner up to date, new viruses crop up all the time. 555Chapter 22 ✦ Adding Security to Access Applications Therefore, you have to be proactive about protecting your applications and sensitive data from exposure to these kinds of attacks. When you run forms, reports, queries, macros, data access pages, and Visual Basic code in your application, Microsoft Office Access 2003 uses the Microsoft Jet Expression Service to scan the commands these objects execute to make sure that these commands are safe. Unsafe commands could allow a malicious user to hack into your hard drive or other resource in your environment. A malicious user could possibly delete files from your hard drive, alter the computer’s configuration, or generally create all kinds of havoc in your workstation or even throughout your network environment. The Microsoft Jet Expression Service checks its list of unsafe commands. When Access encounters one of the unsafe commands, it can block the command from execution. To tell Access to block these potentially unsafe commands, you must enable sandbox mode. To review the list of unsafe commands, search Access help for “About Microsoft Jet Expression Service sandbox mode.” Enabling sandbox mode Sandbox mode allows Access to block any of the commands in the unsafe list it encounters when running forms, reports, queries, macros, data access pages, and Visual Basic code. To enable sandbox mode, follow these steps: 1. Open Access, but do not open a database. Select Tools_Macro_Security. The Security dialog box displays, as shown in Figure 22-32. 2. In the Security dialog box, select the High or Medium option. 3. Select the OK button to close the Security dialog box. 4. Restart Access to apply the security change. Tip Figure 22-32: Enabling sandbox mode. 556 Part III ✦ Beyond Mastery: Initiative Within Office When you enable sandbox mode, it applies to all Access users on the workstation. The Security dialog box provides three levels of macro security: . High: Macros must be digitally signed. Unsigned macros will not run. The status of the macro’s digital signature is validated for digitally signed macros. . Medium: The status of the macro’s digital signature is validated for digitally signed macros. For unsigned macros, a prompt displays advising the user to enable the macro or to cancel opening the database. . Low: Macros are not checked for digital signatures and no warning displays for unsigned macros. A digital signature is an encrypted secure file that accompanies a macro or document. It confirms that the author is a trusted source for the macro or document. A digital signature is contained in a digital certificate. You, or your organization’s IT department, can obtain a digital certificate through a commercial certification authority, like VeriSign, Inc. Search www.msdn.com for “Microsoft Root Certificate Program Members” to obtain information on how to obtain a digital certificate. If you are sure of the integrity of your database, you can select the Low security setting. Digital signatures are generally implemented within large organizations that are willing to fund the added expense of purchasing and keeping digital signatures up to date. For most applications, however, you will probably use the Low setting. If you or your organization has acquired a digital certificate, you can use it to digitally sign your Access project. To digitally sign your Access project, follow these steps: 1. Open the Access database to digitally sign. Select Tools_Macro_Visual Basic Editor from the Access menu. The Visual Basic Editor opens. 2. Select Tools_Digital Signature from the Visual Basic Editor menu. The Digital Signature dialog box displays, as shown in Figure 22-33. Note Figure 22-33: Digitally signing an Access project. 3. Select Choose. The Select Certificate dialog box displays, as shown in Figure 22-34. 557Chapter 22 ✦ Adding Security to Access Applications Figure 22-34: Choosing a digital certificate. 4. Select the certificate to add to the Access project. Then select OK to close the Select Certificate dialog box. 5. Select OK to close the Digital Signature dialog box and save the security setting. Do not sign your Access project until the application has been thoroughly tested and you do not expect to make any further changes to it. Modifying any of the code in the project will invalidate the digital signature. To prevent users from making unauthorized changes to the code in your project, be sure to lock the project and apply a project password. With a full understanding of the Jet security model and how to manage it, you can create databases that protect your development investment and your users’ data. ✦✦✦ Note Tip 23 23 In This Chapter Exploring FrontPage Web components Web components that require FrontPage extensions Inserting a time stamp Activating a hit counter Creating hover buttons and marquees Working with Web components in forms Working with images Providing search boxes for visitors CHAPTER Adding FrontPage Web Components T his chapter introduces FrontPage Web Components, a.k.a. FrontPage components, a.k.a. Web components, and a.k.a. just plain ol’ components. These handy features allow you to do everything from generate and automatically update a table of contents, to create hover buttons that change when a visitor moves over them with a cursor. Adding FrontPage Web Components Many of the Web components add interactivity to your site. These interactive elements respond to the actions of visitors. For example, a hit counter responds to a visit by changing the number of visitors displayed, and search boxes respond to a visitor’s query with a list of matching pages. Prior to FrontPage 98, FrontPage components were called WebBots. Now we are in the new millennium, and Microsoft still uses WebBots in the HTML codes for FrontPage components. As you add components to your page, you can click the HTML tab to see the WebBot terminology in place. Defining and using components FrontPage components are actually small programs that are embedded in FrontPage. You don’t need to know how Web components work to use them, but you should be aware of two particular attributes of components: Note 560 Part III ✦ Beyond Mastery: Initiative within Office . Web components enable you to use preprogrammed elements that normally require a scripting language to create. . Many (roughly half) of the Web components work only after your Web is published to a Web server with FrontPage extensions. We’ll explore the implications of having (or not having) access to a server with FrontPage exten- sions throughout this chapter, both in relation to using components in general, and in relation to specific components. Web components are programs Web components are prefabricated programming modules that you can customize and insert into your Web pages. When you add a Web component to your Web page, FrontPage inserts HTML tags that reference it, much as HTML is used to reference a graphic, a sound file, or a Java applet. Customization of components is done through HTML attributes in the component tag. Figure 23-1 shows an example of the HTML used to point to a component. In this case, you can see WebBot tags for a Navigation component. Note Figure 23-1 HTML for a component 561Chapter 23 ✦ Adding FrontPage Web Components If FrontPage components are little programs, where the heck are these programs stored? That depends. Components that require FrontPage server extensions are stashed on Web servers, and simply called by the code that FrontPage inserts into your page. No connection to a FrontPage Web server? In that case, these components won’t work. While about half of the FrontPage components rely on FrontPage server extensions to work, other components (like the Photo Gallery) generate JavaScript code. All recent version browsers (going back to version 4) support JavaScript, and so the programming support for these components is essentially in a visitor’s own Web browser. Still other components (like hover buttons or the Banner Ad Manager) generate Java programs, which are saved to your Web. Many Web components require FrontPage server extensions The following FrontPage components work only when your site is published to a Web server with FrontPage server extensions: . Web Search . Hit Counter . Top 10 List . List View . Document Library View If you aren’t publishing your Web to a server armed with FrontPage extensions, you can disable the components that require extensions by selecting Tools _ Page Options, and clicking the Authoring tab. Then, use the FrontPage and SharePoint technologies drop-down menu to select “custom” or “none” in order to use selected or no FrontPage components. x. After you do that, only those components that do not require FrontPage extensions will display. When you choose Insert _ Navigation, the rest of the components are grayed out, as shown in Figure 23-2. Figure 23-2 Hit counters components require FrontPage extensions. 562 Part III ✦ Beyond Mastery: Initiative within Office If you are saving your Web to a disk folder (a disk-based Web), the FrontPage server extension requiring Web components will be grayed out automatically. Developing on a Disk but Developing for a Server? Suppose you are developing your Web site using a drive-based Web or a server that doesn’t have FrontPage extensions, but you plan eventually to publish your Web to a server that does have FrontPage extensions. If you are using a server without FrontPage extensions, you can still install (non-working) components. In this scenario, do not disable components. You can still place them on Web pages — you just can’t test them or use them in a Web site until you publish to a FrontPage- friendly Web server with FrontPage extensions. On the other hand, if you are developing your site using a disk-based Web, but eventually plan to publish it to a server with FrontPage extensions, you have to turn on the features that require FrontPage server extensions. Do this by choosing Tools _ Page Options, and selecting the Enabled with FrontPage Server Extensions check box in the Compatibility tab of the Page Options dialog box. In this scenario, you are fooling FrontPage, telling it that your site is published to a FrontPage Web. Remember, some components won’t work until you actually publish your site to a FrontPage server. Because components require FrontPage-enabled servers, they are less portable than standard CGI applications or Java applets and are more akin to other Microsoft technologies, such as Active Server Pages (ASP), that are limited to servers supported by Microsoft. But, if you have access to a FrontPage-enabled Web server, the ease with which you can add compo- nents makes using them hard to resist. If you don’t plan to publish your Web site to a FrontPage server and you are inclined to do your own scripting and programming, you can jump ahead to Part V of this book, which introduces other programming components that you can use to create many of the same functions (with perhaps a bit more labor on your part). Many components don’t require FrontPage extensions If you are creating a Web for a server without FrontPage extensions, you can use the components identified in Table 23-1. Some of these components simply generate HTML code. Others generate Java applets, and others create JavaScript. [...]... However, its focus is on publishing FrontPage Web on Office 2003 s SharePoint server, as well as the lists and other special features available for this server 563 564 Part III ✦ Beyond Mastery: Initiative within Office Spreadsheet Components Spreadsheet Web components (Office Spreadsheet, Office Chart, and Office Pivot Table) are actually embedded pieces of Microsoft Excel The main deal with these components... matches), file date, and file size of the matches Figure 23 -10 shows the Search Results tab of the Search Form Properties dialog box 573 574 Part III ✦ Beyond Mastery: Initiative within Office Figure 23 -10: FrontPage allows tremendous control over how search results are displayed Spreadsheets and charts You can insert Office spreadsheets, charts, and Office PivotTables into your Web pages Hit counters The... must have Excel installed, or download programs that function as a kind of limited Excel viewer As we go to press, Microsoft has not yet released a public domain downloadable Excel viewer for Excel 2003 However, downloadable viewers for older versions of Excel are available at http:/ /office .microsoft. com/Downloads/ Web site visitors who use a downloaded viewer will not have full functionality for spreadsheet... contents generated by the template, double-click the TOC to open the Table of Contents Properties dialog box Top 10 lists Top 10 lists work for pages saved to Webs on servers with FrontPage 2003 extensions They generate lists based on data collected by the server when visitors come to your site Top 10 lists are a way of sharing with your visitors information similar to what you see internally when you view... click OK Top 10 lists must be previewed in a browser (not in Preview tab) to see actual content Note As of this writing, the latest version of FrontPage 2003 does not allow you to apply local (inline) formatting to the text generated by Top 10 lists To format the fonts in these lists, you can instead use page or external style settings Here’s one way to change the formatting of a Top 10 list: right-click... SharePoint Office Server shipped with the current release of Microsoft Office This server and its built-in features are mainly designed to quickly generate an out-of-the-box intranet portal for an organization Commercial and additional components FrontPage offers a number of embedded commercial content options These options are generally self-explanatory content that is provided by other companies (or Microsoft) ... shared with visitors in a Top 10 browsers list Overall, this feature is just an easy and automated way to share statistical information about your site with visitors The available Top 10 lists are as follows: Visited pages Referring domains Referring URLs Search strings Visiting users Operating systems Browser 583 584 Part III ✦ Beyond Mastery: Initiative within Office All lists are embedded... Mastery: Initiative within Office All lists are embedded in a page the same way: 1 Select Insert _ Web Component, and click Top 10 List 2 Choose one of the available lists 3 Click Finish to display the Top 10 List Properties dialog box, shown in Figure 23-21 Figure 23-21: Top 10 lists can be displayed in a variety of list formats 4 You can edit the default list title by entering new text in the Title... any kind of server — UNIX, Linux, Microsoft Internet Information Services (IIS), and so on However, search form properties are a little different for IIS, and other servers The description of search results options here may differ slightly from your options depending on the kind of server you use If your site is published to a server running IIS, the search form uses Microsoft s Indexing Service to search... you use If your site is published to a server running IIS, the search form uses Microsoft s Indexing Service to search the text index Since Indexing Service has more extensive support for searching Microsoft Office documents, you get more search options when your site is connected to an IIS server If you publish your site to a server using FrontPage extensions on a non-IIS server, FrontPage uses a different . queries, macros, data access pages, and Visual Basic code in your application, Microsoft Office Access 2003 uses the Microsoft Jet Expression Service to scan the commands these objects execute to. Office Spreadsheet Components Spreadsheet Web components (Office Spreadsheet, Office Chart, and Office Pivot Table) are actually embedded pieces of Microsoft Excel. The main deal with these components. press, Microsoft has not yet released a public domain downloadable Excel viewer for Excel 2003. However, downloadable viewers for older versions of Excel are available at http:/ /office .microsoft. com/Downloads/. Web