> >Q2: Program protection
> >Is it possible to decompile a *.mde file to extract the VBA code of forms,
> >report and modules, re-edit forms and report? (I disabled the Bypass key (the
> >SHIFT key) with AllowBypassKey property)

>The other way would be to remake the whole program using Visual Studio
>Visual Basic? (While connecting to Access or SQL Server table with Visual
>Basic)

>I just finished a MS Access 2003 program. The VBA code is protected with a
>password in the *.mdb file. I compiled it into a *.mde file. I also disabled
>the Bypass key (the SHIFT key to ignore startup options) while keeping a
>secret password protected back door for me. I did not use database password
>since there are lots of password crackers. But I do offer the user the option
>to use or not a password saved in a table. I think that this password will
>only stop the average people from snooping in his personal data. But a
>programmer could use a “Microsoft.Jet.oledb.4.0” connection to list the
>tables and queries and their fields, and therefore the data.
>
>Q1: Data protection
>I do not see how else to protect the data. But I can live with that flaw. I
>do not want to use “user and group accounts” since not everybody wants to use
>a password, and the user password popup will unfortunately always appear.
>
>Q2: Program protection
>Is it possible to decompile a *.mde file to extract the VBA code of forms,
>report and modules, re-edit forms and report? (I disabled the Bypass key (the
>SHIFT key) with AllowBypassKey property)
>
>Q3: Copy protection
>For now, I ask the user to E-mail me his MAC address. I hardcode his MAC
>address in the program (a String global variable), and the program reads all
>available MAC addresses of the computer for comparison. For now, it will do
>since I do not have lots of orders, and I have very little publicity. But
>when I will afford adds, and more frequent orders come, program keys will
>have to be automated. How could that be done? Should the program be able to
>communicate to a website database, some how?

"Chris O'C via AccessMonster.com" wrote:

> There are low cost tools on the Internet to remove the VBA password.  If you
> know where to look you can find out how to remove the VBA password for free.
>
> Since you didn't apply user level security to your file, anybody can reenable
> the shift key bypass on your file.  Push Ctrl+G to open the immediate window,
> paste this line of code and hit enter:
>
> CurrentDb.Properties.Delete "AllowBypassKey"
>
> Close the db and reopen it while pushing the shift key.  Your startup
> settings have been bypassed.
>
> In case your users don't know to use that 1 line of code, they can find free
> tools to set/unset the shift key bypass in any unsecured Access db.  Albert
> Kallal's is pretty easy to find.  It's recommended often in these groups.
>
> http://www.members.shaw.ca/AlbertKallal/msaccess/msaccess.html
>
> Since you didn't apply user level security to your file, anybody can use the
> link table manager to link to the tables and read the password you saved in 1
> table.
>
> Depends on how far you want to go, but you can apply user level security to
> your file and nobody has to enter their user name and password when opening
> the db.  They'd still be blocked from certain things because they aren't
> joined to the workgroup file you used to secure the db so don't have
> permissions.
>
> Chris
>
>
> Michael wrote:
> >I just finished a MS Access 2003 program. The VBA code is protected with a
> >password in the *.mdb file. I compiled it into a *.mde file. I also disabled
> >the Bypass key (the SHIFT key to ignore startup options) while keeping a
> >secret password protected back door for me. I did not use database password
> >since there are lots of password crackers. But I do offer the user the option
> >to use or not a password saved in a table. I think that this password will
> >only stop the average people from snooping in his personal data. But a
> >programmer could use a “Microsoft.Jet.oledb.4.0” connection to list the
> >tables and queries and their fields, and therefore the data.
> >
> >Q1: Data protection
> >I do not see how else to protect the data. But I can live with that flaw. I
> >do not want to use “user and group accounts” since not everybody wants to use
> >a password, and the user password popup will unfortunately always appear.
> >
> >Q2: Program protection
> >Is it possible to decompile a *.mde file to extract the VBA code of forms,
> >report and modules, re-edit forms and report? (I disabled the Bypass key (the
> >SHIFT key) with AllowBypassKey property)
> >
> >Q3: Copy protection
> >For now, I ask the user to E-mail me his MAC address. I hardcode his MAC
> >address in the program (a String global variable), and the program reads all
> >available MAC addresses of the computer for comparison. For now, it will do
> >since I do not have lots of orders, and I have very little publicity. But
> >when I will afford adds, and more frequent orders come, program keys will
> >have to be automated. How could that be done? Should the program be able to
> >communicate to a website database, some how?
>
> --
> Message posted via AccessMonster.com
> http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200906/1
>
>

>How can I apply user level security to my file without creating a user and
>still not have to enter user name and password when opening the db.

"Chris O'C via AccessMonster.com" wrote:

> So if the buyer swaps out a bad nic card or replaces his/her pc with a new
> one, they have to come back to you to recode and reissue their app?
>
> Do you tell them this when they buy your app or do you tell them after your
> app stops working (or accuses them of being a pirate by making an illegal
> copy)?  Either way you'll make them mad but 1 of those choices will make them
> madder.
>
> Chris
>
>
> Michael wrote:
> >Q3: Copy protection
> >For now, I ask the user to E-mail me his MAC address. I hardcode his MAC
> >address in the program (a String global variable), and the program reads all
> >available MAC addresses of the computer for comparison. For now, it will do
> >since I do not have lots of orders, and I have very little publicity.
>
> --
> Message posted via http://www.accessmonster.com
>
>

"Tony Toews [MVP]" <tto***@telusplanet.net> wrote in
news:nhvr25108mdvr1913o1vk1o28rq9315ngl@4ax.com:

> "David W. Fenton" <XXXuse***@dfenton.com.invalid> wrote:
>
>>Tony encrypts his strings when he writes them into his modules so
>>he doesn't have to encrypt the MDE (so that it will still compress
>>when zipped). I believe that it's better to encrypt everything so
>>as not to draw attention to the particular strings that are
>>encrypted.
>
> The strings are encrypted and obfuscated. Chunks of the encryption
> password are constants in different modules.    ABC here DEF
> there, GHI over there and so forth.

"Tony Toews [MVP]" <tto***@telusplanet.net> wrote in
news:c1ae35h16tc9sjrhmg4mipufvl2chp15s4@4ax.com:

> "David W. Fenton" <XXXuse***@dfenton.com.invalid> wrote:
>
>>> I've used the MS Crypto functions in the Auto FE
>>> Updater and it seems to have worked.  So maybe that would be a
>>> solution to encrypt just that field.
>>
>>Back in 2004 I was using your updater and was encountering
>>problems with different versions of Win2K returning different
>>results for the encryption of the password. At the time, you were
>>looking into it. Did you resolve it eventually?
>
> Oh yes, it was sheer stupidity on my part.   I was passing
> different arguments when encrypting vs decrypting.    
>
> I posted about the update and I think you asked me that question
> in the newsgroup.  <smile>

"David W. Fenton" <XXXuse***@dfenton.com.invalid> wrote:

>>>> I've used the MS Crypto functions in the Auto FE
>>>> Updater and it seems to have worked.  So maybe that would be a
>>>> solution to encrypt just that field.
>>>
>>>Back in 2004 I was using your updater and was encountering
>>>problems with different versions of Win2K returning different
>>>results for the encryption of the password. At the time, you were
>>>looking into it. Did you resolve it eventually?
>>
>> Oh yes, it was sheer stupidity on my part.   I was passing
>> different arguments when encrypting vs decrypting.    
>>
>> I posted about the update and I think you asked me that question
>> in the newsgroup.  <smile>
>
>Ah, so it wasn't some exotic difference between the encryption
>libraries on different versions of Windows.
>
>If you aren't at bat, you never strike out, so making a mistake like
>that is expected, since you're actively programming on a regular
>basis.

"Tony Toews [MVP]" <tto***@telusplanet.net> wrote in
news:spji35tlrko25jv8pnsrrkqtf3tnptkfqj@4ax.com:

> "David W. Fenton" <XXXuse***@dfenton.com.invalid> wrote:
>
>>>>> I've used the MS Crypto functions in the Auto FE
>>>>> Updater and it seems to have worked.  So maybe that would be a
>>>>> solution to encrypt just that field.
>>>>
>>>>Back in 2004 I was using your updater and was encountering
>>>>problems with different versions of Win2K returning different
>>>>results for the encryption of the password. At the time, you
>>>>were looking into it. Did you resolve it eventually?
>>>
>>> Oh yes, it was sheer stupidity on my part.   I was passing
>>> different arguments when encrypting vs decrypting.    
>>>
>>> I posted about the update and I think you asked me that question
>>> in the newsgroup.  <smile>
>>
>>Ah, so it wasn't some exotic difference between the encryption
>>libraries on different versions of Windows.
>>
>>If you aren't at bat, you never strike out, so making a mistake
>>like that is expected, since you're actively programming on a
>>regular basis.
>
> Oh, I have no problem admitting I make mistakes.  <smile>  I was
> rather annoyed at myself for making such a simple, foolish mistake
> that took me so long to figure out.