Microsoft Access - How to Bypass Database Startup

A common problem with inheriting Microsoft Access databases from other people is that you might not be able to get into the database without the startup form loading. You also might not be able to get to the database window to make any changes.

microsoft security essentials download

Now, assuming the database isn't an MDE file (which is an encrypted database that you can't modify), and the previous developer didn't tightly secure it using the User-Level Security Wizard, you should be able to get to the database window by simply bypassing the startup routine.

MICROSOFT SECURITY

Any Access developer can specify a startup form and even hide the database window in the database setup options. You can even create an AutoExec macro that runs too.

If you hold down the SHIFT key when you first start your database - as soon as you double-click the icon to open it - this should bypass the startup options and bring you right to the database window.

If not, then the previous developer might have taken additional steps to secure the database. But, this simple solution will get you into 99% of the databases you're going to come across.

If this doesn't work, another easy solution you could try is creating a new, blank database and just importing all of the objects from the old database. You'll get all of the tables, queries, forms, and reports (and macros/modules too if you select them) but you won't have any of the database properties, such as the startup options. Just don't import the AutoExec macro if it exists.

Microsoft Access - How to Bypass Database Startup

Richard Rost is President of 599CD Computer Training and Access Learning Zone.

MICROSOFT SECURITY

The Top Sources Of Oracle Database Best Practices Used By IT Auditors

In our experience as IT auditors who review databases, we wanted to share a few excellent sources of Oracle database best practices.

The two main sources are the Center for Internet Security (CIS) 'Configuration Benchmark' and the US Defense Information Systems Agency (DISA) 'Database Security Technical Implementation Guide' (STIG). The following discussion provides a brief overview of each source.

MICROSOFT SECURITY ESSENTIALS LATEST VERSION

CIS Security Configuration Benchmark. This benchmark for Oracle Database Server 11g is a consensus document based on input from consultants, software developers, auditors, compliance professionals and government workers.

The benchmark provides a 'level-I' configuration of settings that can be implemented by system administrators with basic security knowledge. These settings are designed to minimize disruption to an existing database. There is also a 'level-II' configuration which is targeted to network architecture and server function. This higher level requires stronger security experience but yields substantially greater security functionality.

The benchmark contains separate sections dedicated to system specific settings, installation and patching, directory and file permissions, database startup and shutdown, auditing policy, user setup and access settings.

This configuration benchmark provides the settings for an Oracle database that is secure against conventional threats. There is specific guidance for a secure installation, setup, configuration and operation of an Oracle 11g database environment. In addition to specific configuration settings there are also 'best practice' processes and procedures e.g. data backups, archive logs, hardware security.

DOD DISA Database Security Technical Implementation Guide (STIG). The STIG was published by the US Defense Information Systems Agency (DISA) for the Department of Defense (DOD). The objective of the STIG is to secure DOD database management systems (DBMS). The document covers known security configuration items, vulnerabilities and issues.

The STIG is a comprehensive and detailed configuration standard that consists of 'security elements' and 'security requirements'. The STIG goes into much more depth than the vendor specific 'checklists' discussed below.

The 'security elements' section of the guide (STIG) includes the essentials of database security such as authentication, authorization, data integrity, system auditing, backup and recovery. These security elements are commonly found in a database management system (DBMS) which controls the security of the actual data.

The section on 'security requirements' contains the specific requirements for accessing data and operating the database. Guidance is provided on design and configuration, identification and authentication, boundary defense, disaster recovery, vulnerability and incident management, physical and environmental requirements.

DOD DISA Oracle 11 Database Security Checklist. DISA has also published vendor-specific database security checklists for Oracle and Microsoft SQL Server DBMS's. The 'Oracle 11 Database Security Checklist' is the most current checklist as of the date of this writing - published in August 2010. Separate checklists have also been published for the previous Oracle versions 9 and 10. The Oracle 11 checklist includes security review procedures organized into specific security 'items' or 'checks.'

Conclusion. The two documents discussed above emphasized different aspects of database security. The CIS document provides a basic security configuration (Level I) and an advanced security configuration (Level II). The STIG document provides 'security elements' and 'security requirements'. A more detailed and specific document is the Database Security Checklist.

References. Database Security Technical Implementation Guide (STIG), Version 8, Release 1 (September 2007). US Department of Defense, Defense Information Systems Agency.
Oracle 11 Database Security Checklist, Version 8, Release 1.8 (August 2010). US Department of Defense, Defense Information Systems Agency.
Security Confguration Benchmark for Oracle Database Server 11g. Version 1.0.1 (January 2009). The Center for Internet Security.

The Top Sources Of Oracle Database Best Practices Used By IT Auditors

Looking for certified IT auditors at reasonable rates? Continental Audit Services is your provider to control risks, improve security and comply with regulations. IT best practices applied to all major operating systems, databases and other technology. Visit http://www.continentalaudit.com.

MICROSOFT SECURITY ESSENTIALS LATEST VERSION