->At this point, didn't you have to enter the password of the first mdb to get access to it? -> Only at the time of creating the link table do you need to know the password. That is why it is stored in the second 'linked' .mdb file. (or so I assume) ->If not, then it seems like that's _actually_ the bug: you got ->access to a password protected database without having to know the password. which seems to be the case. ->Finally, why wouldn't ACLs be used to protect the database instead of passwords? I tested it with varying permissions to both mdb files. Applying Read Only permissions on the mdb file still allowed you to view the plaintext passwords, when applying No Access it would not work (As it should) however, that would effectively render the linked table useless. Mileage may vary with using ACL's here though, if a user has a legitimate need to view the data in the linked table (but not modify it) then they must have some access to the file. Being able to view the password would allow the user to elevate their privileges and allow them to modify the data. You can also set permissions within Access to the various database objects, I haven't had time to investigate their impact on this tho. I am also not an Access Guru.. ;-) bf.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:50 PDT