545Chapter 22 ✦ Adding Security to Access Applications Figure 22-21: The Security Wizard helps jump-start your security implementation. When you select Create a new workgroup information file, the next screen, shown in Figure 22-22, asks you for the filename for the new file, a Workgroup ID number (WID) — which you should write down and save, and optionally, your name and company. Figure 22-22: Assigning a unique WID and name to new workgroup information file. 546 Part III ✦ Beyond Mastery: Initiative Within Office When the new workgroup information file screen appears, it automatically assigns a random 20-character string of numbers and letters to the WID (Workgroup ID) field. You can change this WID to any value. As Figure 22-22 shows, you can choose to make this the new default workgroup file for all databases (not recommended), or have Access create a shortcut to use this file only for this database (default). Selecting the option to create a shortcut associates this file with only one database. Click the Next button to display the next screen of the wizard. The next screen of the wizard, shown in Figure 22-23, lets you select the objects to secure. By default, the wizard secures all objects in the database. If you deselect an object type (such as Tables or Forms), none of the objects of that type are exported to the secured database. If you do not want to restrict security permissions for a set of objects but still want those objects included in the new secured database, be sure to select the objects in the wizard. Later on, modify the user and group permissions for those objects in the new secured database. When you are satisfied with your object selections, select the Next button to continue. Figure 22-23: Selecting the objects to secure. The next screen of the wizard, shown in Figure 22-24, asks you to create an optional security group account for a series of group actions. These include: . Backup Operators: Can open the database exclusively for backing up and compact- ing. . Full Data Users: Can edit data, but not alter design. 547Chapter 22 ✦ Adding Security to Access Applications . Full Permissions: Has full permissions for all database objects, but can’t assign permissions. . New Data Users: Can read and insert data only (no edits or deletions). . Project Designers: Can edit data and objects, and alter tables or relationships. . Read-Only Users: Can read data only. . Update Data Users: Can read and update, but can’t insert or delete data or alter design of objects. Check all of the optional security groups displayed in the wizard screen. After you have selected all groups, select the Next button to continue. Figure 22-24: Additional optional security groups for the database. Notice that the next page of the wizard, shown in Figure 22-25, lets you choose to grant permissions to the Users group (the default is no permissions). By selecting Yes, you are able to assign rights to all object types in the database. Figure 22-25 shows this page with the Yes option selected. However, you should select the default choice: No — the Users group should not have any permissions. Select the Next button to continue to the next wizard screen. 548 Part III ✦ Beyond Mastery: Initiative Within Office Figure 22-25: Choosing whether or not to assign permissions to the Users group. If you decide to grant any permissions to the Users group, you should be aware that anyone with a copy of Access will have the same permissions that you assign to this group. Essentially, you are exposing the database to a security breach if you assign rights to this group. The next page, shown in Figure 22-26, lets you add users to the workgroup information file. To add a user, enter the name and password information in the appropriate fields and select the Add a New User button. Figure 22-26: Adding users and passwords to the workgroup information file. Caution 549Chapter 22 ✦ Adding Security to Access Applications As Figure 22-26 shows, you can also remove users from the list by simply selecting their name from the list box on the left and selecting the Delete User from the List button. Select the Next button to continue. The next wizard screen to display, shown in Figure 22-27, enables you to assign users to groups in your workgroup information file. If you added optional groups from the previous page (as shown in Figure 22-24), you can assign a user to any of these groups by checking the appropriate check box. To assign rights to a user, simply select the user from the drop- down list and then assign that user to groups using the check boxes. By default, all users, except the person creating the wizard, are assigned to new groups. Click the Next button to continue on to the next screen. Figure 22-27: Adding users to groups for group rights. The last page of the wizard displays, as shown in Figure 22-28. In this screen, the Security Wizard asks you to provide a name for the old, and now unsecure, database. The default name is the same name as the current database with the extension .bak. Select the Finish button to finish creating the new secure database. 550 Part III ✦ Beyond Mastery: Initiative Within Office Figure 22-28: In the Final wizard screen, the Security Wizard asks you to assign a name for the old database. Technically, the Security Wizard doesn’t make any modifications to the current database; rather, it makes a backup copy by using the name that you specify and creates an entirely new database with secured objects. However, the new database is given the name of the original database. When you distribute your secured application, be sure to distribute the database that the Security Wizard created for you. When the Security Wizard has finished creating the new database, it generates a report called One-Step Security Wizard Report, as shown in Figure 22-29. The report contains all of the settings used to create the users and groups in the workgroup information file. You should keep this information. You will need it if you ever have the need to re-create the workgroup file. Caution 551Chapter 22 ✦ Adding Security to Access Applications Figure 22-29: Choosing whether or not to assign permissions to the Users group. If you click the Finish button and Access finds any problems, it won’t create the security data- base or the backup that you requested. Generally, you will get this error if you have created the database and logged on as a user that secured the table and then re-logged on as another user to secure it. This wizard works best with databases that have not had any previously defined security. Generally, making a copy of the original database and working with the secured database is a good idea. If you make changes to the original database, you will need to run the Security Wizard again to create a secured version of the database. In addition, making a copy of the original database and then removing it from development helps prevent accidentally distributing the unsecured database. Encrypting a Database When security is of utmost importance, one final step that you need to take is to encrypt the database. Although it takes a great deal of skill (far more than the average computer user — or developer — possesses), it is possible to view the structure of an unencrypted database. A skilled hacker may use this information to reconstruct SIDs and gain full access to your secured database. Caution 552 Part III ✦ Beyond Mastery: Initiative Within Office Encrypting a database makes using such tools to gain any useful information about the database virtually impossible. Only the database owner or a member of the Admins group (or a really good computer hacker) can encrypt or decrypt a database. To encrypt a database, follow these steps: 1. Open Access, but do not open a database. Select Tools_Security_Encrypt/Decrypt Database (see Figure 22-30). Figure 22-30: Encrypting a database helps secure it from highly skilled hackers. 2. Select the database to encrypt from the Encrypt/Decrypt dialog box. 3. Provide a name for the new encrypted database. Access doesn’t modify the original database when it encrypts it. Rather, Access creates a clone of the database and encrypts the clone. Just like when using the Security Wizard, you should make a backup copy of the original database and store it somewhere safe to prevent accidentally distributing the unencrypted database. Remember that in a world of rapidly changing data, your backup will rapidly become out of date. When encrypting a database, however, be aware of the following drawbacks: . Encrypted databases don’t compress from their original size when used with compression programs, such as WINZIP or the ODE Setup Wizard. Encryption modifies the way that the data is stored on the hard drive so compression utilities have no effect. . Encrypted databases suffer some performance degradation (up to 15 percent). Depending on the size of your database and the speed of your computer, this degradation may be imperceptible. 553Chapter 22 ✦ Adding Security to Access Applications Encryption is performed in addition to securing a database. A secure database is one that is secured using users, groups, and permissions. Simply encrypting a database does nothing to secure the database for general Access users. Decrypting a Database You can decrypt a previously encrypted database. To decrypt a database, simply follow these steps (which are similar to the encrypting process): 1. Start Access but do not open a database. Select Tools_Securi ty_Encrypt/Decrypt Database. 2. Select the database to decrypt from the Encrypt/Decrypt dialog box. 3. Provide a name for the new decrypted database. Protecting Visual Basic Code Although setting user-level security allows you to restrict access to tables, forms, and reports in your database, it does not prevent access to the Visual Basic code stored in modules. You control access to the Visual Basic code in your application by creating a password for the Visual Basic project that you want to protect. When you set a database password for a project, users are prompted to enter the password each time they attempt to view the Visual Basic code in the database. A Visual Basic project refers to the set of standard and class modules (the code behind forms and reports) that are part of your Access database (.mdb) or Access project (.adp). 1. Open any standard module in the database. For this example, open the basSalesFunctions modules in Chap34Start.mdb. When you open the basSalesFunctions module, the Visual Basic Editor displays. 2. In the Visual Basic Editor, select Tools_Access Auto Auctions Properties. The Access Auto Auctions — Project Properties dialog box displays. 3. Select the Protection tab in the Project Properties dialog box. Check the option labeled “Lock project for viewing.” 4. In the Password field, type the password that you want to use to secure the project (see Figure 22-31). For this example, use the password bible. Access does not display the password; rather, it shows an asterisk ( * ) for each letter. Note Note 554 Part III ✦ Beyond Mastery: Initiative Within Office Figure 22-31: Creating a project password restricts users from viewing the application’s Visual Basic code. 5. In the Confirm Password field, type the password again. This security measure ensures that you don’t mistype the password (because you can’t see the characters that you type) and mistakenly prevent everyone, including you, from accessing the database. 6. Click OK to save the password. After you save and close the project, any user who attempts to view the application’s Visual Basic code must enter the password. Access prompts for the project password only once per session. A more secure method of securing your application’s code, forms, and reports is to distribute your database as an .MDE file. When you save your database as an .MDE file, Access compiles all code modules (including form modules), removes all editable source code, and compacts the database. The new .MDE file contains no source code but continues to work because it contains a compiled copy of all of your code. Not only is this a great way to secure your source code, it also enables you to distribute databases that are smaller (because they contain no source code) and always keep their modules in a compiled state. Preventing Virus Infections Implementing a good user-level security scheme will protect your database from unauthorized access to the information or objects in your database. User-level security does not, however, protect the physical database file from malicious macro virus attacks. You probably have had experience at some point with a virus attack on your computer. Or most likely, you know someone who has. It goes without saying that it is imperative to install and run a virus scanning utility on your workstation. Even though you may be religious about keeping your virus scanner up to date, new viruses crop up all the time. [...]... However, its focus is on publishing FrontPage Web on Office 2003 s SharePoint server, as well as the lists and other special features available for this server 563 564 Part III ✦ Beyond Mastery: Initiative within Office Spreadsheet Components Spreadsheet Web components (Office Spreadsheet, Office Chart, and Office Pivot Table) are actually embedded pieces of Microsoft Excel The main deal with these components... matches), file date, and file size of the matches Figure 23 -10 shows the Search Results tab of the Search Form Properties dialog box 573 574 Part III ✦ Beyond Mastery: Initiative within Office Figure 23 -10: FrontPage allows tremendous control over how search results are displayed Spreadsheets and charts You can insert Office spreadsheets, charts, and Office PivotTables into your Web pages Hit counters The... must have Excel installed, or download programs that function as a kind of limited Excel viewer As we go to press, Microsoft has not yet released a public domain downloadable Excel viewer for Excel 2003 However, downloadable viewers for older versions of Excel are available at http:/ /office .microsoft. com/Downloads/ Web site visitors who use a downloaded viewer will not have full functionality for spreadsheet... your applications and sensitive data from exposure to these kinds of attacks When you run forms, reports, queries, macros, data access pages, and Visual Basic code in your application, Microsoft Office Access 2003 uses the Microsoft Jet Expression Service to scan the commands these objects execute to make sure that these commands are safe Unsafe commands could allow a malicious user to hack into your hard... use If your site is published to a server running IIS, the search form uses Microsoft s Indexing Service to search the text index Since Indexing Service has more extensive support for searching Microsoft Office documents, you get more search options when your site is connected to an IIS server If you publish your site to a server using FrontPage extensions on a non-IIS server, FrontPage uses a different... your search engine isn’t working, contact your server provider and make sure the necessary index files have been created at the server As we go to press, Microsoft is providing information on these issues at: www .microsoft. com/TechNet/sharepoint/admindoc/owsi06.htm Is all this too much hassle? One option is to use one of the free, downloadable search boxes available from folks like FreeFind.com (www.freefind.com)... encrypted secure file that accompanies a macro or document It confirms that the author is a trusted source for the macro or document A digital signature is contained in a digital certificate You, or your organization’s IT department, can obtain a digital certificate through a commercial certification authority, like VeriSign, Inc Search www.msdn.com for Microsoft Root Certificate Program Members” to... components require FrontPage server extensions The following FrontPage components work only when your site is published to a Web server with FrontPage server extensions: Web Search Hit Counter Top 10 List List View Document Library View If you aren’t publishing your Web to a server armed with FrontPage extensions, you can disable the components that require extensions by selecting Tools _ Page Options,... functionality for spreadsheet components, but will be able to view spreadsheet data Both in their use and their function, the three Spreadsheets and Charts components fall more in the category of Microsoft Office application integration Inserting Components You can add a component to your Web page in two ways: Insert the component directly into your Web page (the primary method) Use one of the many... any kind of server — UNIX, Linux, Microsoft Internet Information Services (IIS), and so on However, search form properties are a little different for IIS, and other servers The description of search results options here may differ slightly from your options depending on the kind of server you use If your site is published to a server running IIS, the search form uses Microsoft s Indexing Service to search . queries, macros, data access pages, and Visual Basic code in your application, Microsoft Office Access 2003 uses the Microsoft Jet Expression Service to scan the commands these objects execute to. Office Spreadsheet Components Spreadsheet Web components (Office Spreadsheet, Office Chart, and Office Pivot Table) are actually embedded pieces of Microsoft Excel. The main deal with these components. press, Microsoft has not yet released a public domain downloadable Excel viewer for Excel 2003. However, downloadable viewers for older versions of Excel are available at http:/ /office .microsoft. com/Downloads/. Web