Microsoft"s development ethic.

I was just browsing through the following MS page:

http://msdn2.microsoft.com/en-us/library/bb421308.aspx

and was stunned to read:

"Casual and intermediate users generally will not stumble on this, so
your objects are protected."

Jesus I drive myself nuts trying to second guess what users might do.
The sentence above gives an insight into the profound complacency of
the author (and possibly the Access 2007 development team). That
sentence should be branded to their chests as they are set on fire and
dragged behind wild horses. To clarify the point, someone should tell
them "it'll be absolutely fine as long as you shut your eyes."


Paul

Re: Microsoft"s development ethic.

On Sun, 30 Mar 2008 13:26:35 -0700 (PDT), Paul H
wrote:

I see it more as an attempt to provide multiple layers of security,
some very easy to implement but also very easy to defeat, such as this
one. The point is that not every organisation is Fort Knox, and simple
steps to keep good-willing employees from accidentally harming the
system are a good idea.

-Tom.


>I was just browsing through the following MS page:
>
>http://msdn2.microsoft.com/en-us/library/bb421308.aspx
>
>and was stunned to read:
>
>"Casual and intermediate users generally will not stumble on this, so
>your objects are protected."
>
>Jesus I drive myself nuts trying to second guess what users might do.
>The sentence above gives an insight into the profound complacency of
>the author (and possibly the Access 2007 development team). That
>sentence should be branded to their chests as they are set on fire and
>dragged behind wild horses. To clarify the point, someone should tell
>them "it'll be absolutely fine as long as you shut your eyes."
>
>
>Paul

Re: Microsoft"s development ethic.

I'm not sure if I agree 100% with the language used, but on the other hand I
think it's fair and honest in a sense.

For example for many years access developers have used the shift bypass key
as a way to keep the users out of the database. I would never stand here and
state that using the shift key bypass is a way to protect your database, and
yet many access developers have used this trick for years. (and, in this
context I'm talking about non secured databases by the way).

I think would be most fair to say the following:

Using the shift key bypass is a means by which to keep beginner and
intermediate users out of your objects and forms, and thus your forms and
objects are protected from modification.

I can't stress that when we say protected from modification, we're talking
about those beginner and intermediate users in the context of one sentence,
NOT a separate out of context sentence. This does not claim that all objects
are protected from modification, it simply claims that you get production
from beginners and intermediates users.

In other words much the same text can be used when talking about the shift
key. Your forms and objects will be protected from modification by these
beginner and intermediate users.

Obviously from the above its advanced users can get around this, then it's
no protection from advanced users at all! However the statement of fact
claimed never in any way shape claims that you going to be safe from
advanced users.

By the way, what would you have them say in this case? It is quite common
that access developers often use some type obfuscation for our users to hide
things.

I actually think it's quite fine to state that a approach gives lesser users
protection, but we're going to have enough intelligence to conclude from
this that it gives no protection from advanced users. I don't think this
needs spelling out unless the person reading the article is not an advanced
use and can't comprehend the ramifications of this approach.

We can leave the company's digital camera on the front desk for all to see,
and likely get stolen quite quickly. However we don't keep it under lock and
key, we simply put it back on a shelf around the corner because employees
need it all the time.

I think it's fair to say that this will keep the camera secure from
casual users and visitors to the company, but advanced burglars and long
time employees are going to find and steal the camera if they choose to.

My point is that in real life scenarios, or in software, we often use
Obfuscation.

They're not making a claim this is secure for advanced users, there simply
saying for casual and beginner users it will give you some protection.

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
pleaseNOOSpamKallal@msn.com

Re: Microsoft"s development ethic.

"Albert D. Kallal" wrote in
news:GIUHj.140873$pM4.55125@pd7urf1no:

> My point is that in real life scenarios, or in software, we often
> use Obfuscation.

But that's not security.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

Re: Microsoft"s development ethic.

Paul H wrote:
> I was just browsing through the following MS page:
>
> http://msdn2.microsoft.com/en-us/library/bb421308.aspx
>
> and was stunned to read:
>
> "Casual and intermediate users generally will not stumble on this, so
> your objects are protected."
>
> Jesus I drive myself nuts trying to second guess what users might do.
> The sentence above gives an insight into the profound complacency of
> the author (and possibly the Access 2007 development team). That
> sentence should be branded to their chests as they are set on fire and
> dragged behind wild horses. To clarify the point, someone should tell
> them "it'll be absolutely fine as long as you shut your eyes."
>
>
> Paul

"For new developers: the day that you start to understand how to use and
develop Access databases by using both live and development folders for
front ends and back ends is the day when you move from being just a
power user to an Access developer."

The secret is revealed. The questions here should drop of significantly
once it spreads.

Re: Microsoft"s development ethic.

"Paul H" wrote

>I was just browsing through the following MS page:
>
> http://msdn2.microsoft.com/en-us/library/bb421308.aspx
>
> and was stunned to read:
>
> "Casual and intermediate users generally will not stumble
> on this, so your objects are protected."

Paul, Garry Robinson, Microsoft Access MVP, the author of that article, does
not participate in this newsgroup, but gave me permission to pass on his
response to your comments...

"Hi Paul

Ever since I started writing my book on Access security, I have been very
particular about the words protection and security.

In this article I use the word security only for Workgroup security which
only exists in MDB database not ACCDB format, ACCDE format (MDE), Windows
folder security and SQL server. Nothing else gets the Secure brand.

I still think hiding just a few objects is good and simple protection. Hide
all the objects and the user will go hunting.

Garry
www.vb123.com/map for the book."

Re: Microsoft"s development ethic.

On 31 Mar, 05:44, "Larry Linson" wrote:
> "PaulH" wrote
>
> =A0>I was just browsing through the following MS page:
> =A0>
> =A0>http://msdn2.microsoft.com/en-us/library/bb421308.aspx
> =A0>
> =A0> and was stunned to read:
> =A0>
> =A0> "Casual and intermediate users generally will not stumble
> =A0> on this, so your objects are protected."
>
> Paul, Garry Robinson, Microsoft Access MVP, the author of that article, do=
es
> not participate in this newsgroup, but gave me permission to pass on his
> response to your comments...
>
> "HiPaul
>
> Ever since I started writing my book on Access security, I have been very
> particular about the words protection and security.
>
> In this article I use the word security only for Workgroup security which
> only exists in MDB database not ACCDB format, ACCDE format (MDE), Windows
> folder security and SQL server. =A0Nothing else gets the Secure brand.
>
> I still think hiding just a few objects is good and simple protection. =A0=
Hide
> all the objects and the user will go hunting.
>
> Garrywww.vb123.com/mapfor the book."

In hindsight, I did take the sentence out of context, which admittedly
enhances only my point of view. I guess what shocked me most, which I
didn't clarify, was that the first half of the sentence is a general
assumption, the second an absolute based on that assumption, but I am
nitpicking. In truth, I am wiser for all of the responses my post
received. I still think "intermediate" users are the most dangerous
bunch. :O)

Thanks

Paul

Re: Microsoft"s development ethic.

"Paul H" wrote

> In truth, I am wiser for all of the responses my post
> received.

As, I am certain, are we all. That's what newsgroups are about.

> I still think "intermediate" users are the most
> dangerous bunch. :O)

I'd say "any user who thinks he/she knows a lot more than he/she actually
does."

Larry Linson
Microsoft Office Access MVP

Re: Microsoft"s development ethic.

Larry Linson wrote:
> "Paul H" wrote
>
>> In truth, I am wiser for all of the responses my post
>> received.
>
> As, I am certain, are we all. That's what newsgroups are about.
>
>> I still think "intermediate" users are the most
>> dangerous bunch. :O)
>
> I'd say "any user who thinks he/she knows a lot more than he/she
> actually does."

ha! This is rich coming from you Larry.

A while back you said this to me: "Anytime, my friend, that Lyle and I
agree, you should take heed, because we differ on a great many matters of
opinion, so our areas of agreement are more often than not, matters of
fact."

Re: Microsoft"s development ethic.

Hmm. If Lyle had a post in this thread, it is not showing up on my
newsreader.

But, there's a great deal of truth in my statement that you quote. I have
great respect for Lyle's knowledge and experience, as I think he has for
mine. We have disagreed sometimes when our respective views have been
influenced by the different kinds of database application we sometimes
address, and, strange as it may seem, there have been times when we later
agreed because one, or both, of us has been led by someone or our own
experience to a higher level of "enlightenment" on a particular subject.

You know the axiom about "opinions", I'm sure.

Larry


"DFS" wrote in message
news:%9BKj.32053$r76.5368@bignews8.bellsouth.net...
> Larry Linson wrote:
>> "Paul H" wrote
>>
>>> In truth, I am wiser for all of the responses my post
>>> received.
>>
>> As, I am certain, are we all. That's what newsgroups are about.
>>
>>> I still think "intermediate" users are the most
>>> dangerous bunch. :O)
>>
>> I'd say "any user who thinks he/she knows a lot more than he/she
>> actually does."
>
> ha! This is rich coming from you Larry.
>
> A while back you said this to me: "Anytime, my friend, that Lyle and I
> agree, you should take heed, because we differ on a great many matters of
> opinion, so our areas of agreement are more often than not, matters of
> fact."
>
>
>
>

Re: Microsoft"s development ethic.

Paul H wrote:

> I still think "intermediate" users are the most dangerous
>bunch. :O)

Yup, just experienced enough to insist that their way is the best.

I've heard that the scariest pilots are those with about 100 to 200 hours. Or 18
year olds are scarier drivers than 16 year olds.

tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/