topic



Protection against the curious user.


Certainly, it would be desirable to solve this problem{task} simply and quickly. For example, in general to hide a window access with all his{its} harmful buttons. How it to make? - such question was set repeatedly.


So, the decision 1. To hide a window access.


Answering a question " As? ", Jury Prus has given the full open description of this decision in clause{article} " Start of the application without a window access and disconnect of the button of closing of a window access "

(http: // hiprog.com/access/article.asp? id=28).


Let's present, that you have made it. And there and then it appears, that together with harmful buttons have disappeared also quite useful type: to copy, insert, sort, filter, find... To which your women have got used from word and excel. Them now that - to hang up on forms? Or to learn{teach} women to carry out them from the keyboard? That and another is rather unprofitable. Besides now it is impossible to curtail{turn} simply a problem{task}, and on the big monitors it is impossible to shift aside all forms at once - it is necessary by the piece. Thus all forms it became necessary pop-up. And programming of such forms has the unpleasant features. For example, events "Inclusion" and "Disconnect" (activate, deactivate) any more do not work.

Summing up, it is possible to say, what is it " simple and fast " the decision entails long enough and unpleasant consequences. So we shall not hide a window access. Let's hide "harmful" buttons.


The decision 2. To hide "harmful" buttons.


Harmful it is what give access to a window of a database and translate objects in a mode of the designer.

So, a window of a database. First of all it is necessary to take care of deenergizing of a key shift, the program stopping start and by that giving access to a window of a database. Then to disconnect shortcuts of a call of a window of a database (ctrl+f1, f11). And, at last, to replace standard toolbars with the.

As it to make it is described and in help, and almost in any book on access, and in original development.

Examples: " Protection from shift " (http: // hiprog.com/access/article.asp? id=128)

" Protection from shift-? " (http: // nsa.chat.ru/userinterfase_sas_shift.html).

It is necessary to note, that in second clause{article} protection from shift-? is given much more, than simply.

Having replaced toolbars on the, you have almost solved also the second problem{task} - an interdiction of a call of designers.

Almost - because often overlook to disconnect a call of the contextual menu in forms the right key of the mouse. And it enables to proceed{pass} in a mode of the designer. For disconnect of a call it is necessary to establish in forms in a status "there is no" property " Contextual menus " (shortcutmenu = no).

Performed this more laborious job, you, at last, is facilitated sigh. The curious user more will spoil nothing, and all useful buttons are. It is valid so. But...

But your mistake has again jumped out. At the user. You look at the message access, and can make nothing. To see a status of tables, values of variables... You have forbidden all.

And this interdiction now beats on you. Anything to make on a place it is impossible more. It is necessary to ask all over again, that the user before it did{made}, then to go to the open variant of base and to try to simulate sequence of the actions called a mistake. Usually it is possible. Less often - no, because the user has told not that or not all. But it happens much worse. At the user the mistake seldom, but appears, and at you - no. The general circuit of occurrence of such mistake: there is she at a rare combination of the data at the moment of their change. After reset of a mistake artful access corrects for failure in the data. And you do not see her{it}. Itself to construct this combination of the data difficultly because of its{her} rarity. How to struggle with such mistake? It is good to lead{carry out} all the same its{her} analysis directly on a place. And not asking the user.

But to make it the chosen system of protection does not give. And whether it is possible to make such protection, what the curious user anywhere could not get, and you during the same moment - could? The answer - yes!


The decision 3. Watching{keeping up} system. It also is new.


Again at you completely not protected base. The user has made any harmful action: has called a window of a database, has translated the form in a mode of the designer, has opened a window of debugging... And in fact it can be defined{determined} in the program way and to seize the user by a hand! And to not give him anything to make.

And if at a computer you you to the program will say - " it I sit! ". And she should remove{take off} all protection.

Further you understand a mistake, correct, etc. Then you overload base and protection again automatically is included. In it general idea of watching{of keeping up} system.


Now technics{technical equipment} of execution{performance}. Protection from shift-? certainly needs to be put - the watching{keeping up} system should be started. The watching{keeping up} system (such as an active window) should be caused the program of definition on the timer. The text of the program is given below. The program works very quickly. Even at an interval of the timer in 0,01 sek. The processor practically is not loaded. From practice (the first variant of the program has been written to 1998) the interval of the timer in 2 sek is sufficient. The user for this time of anything bad to make has not time. In case of detection of a harmful window it is necessary to open the protective form.

The example of the protective form can be taken to the address: http://nsa.chat.ru/secur_formnoenter.html

To this example two remarks: it is not necessary to open the form on all screen of the monitor - to make its{her} exclusive enough. And the second: to remove{take off} in her an opportunity of a call of the contextual menu. In the given concrete example it does not prevent, but at his{its} updating the opportunity of a call can appear a hole in protection.


On the timer it is the best way to do{make} start of the latent form opened first and always loaded.

I use the same form for storage of the general{common} variables. There are two advantages in comparison with use public variables in the general{common} module: they are not dumped{reset} at reset, that facilitates debugging, and can be used directly in searches as parameters of selection.

If the user will try to make this form seen (we have all standard menus) follows in the form on event of activization to put a call all of the same protective form provided that timerinterval> 0.

Now almost all. It is necessary to make in the protective form a confidential input{entrance} for itself. It can be executed in many ways. For example, klikom any button of the mouse with simultaneous pressing a combination of keys shift, ctrl, alt. It is possible to remove protection at a consecutive combination such klikov.

It is possible to react and to input of symbols from the keyboard. In general, this business of taste.

Removal of protection is reduced to zeroing an interval of the timer (disconnect of watching{of keeping up} system) and closing of the protective form. Now and the first (latent) form becomes accessible.


Function of definition such as an active window. The version for ?-97 is resulted.

Output{Exit}: = true, if a window harmful, and false otherwise.


--------------------------------------------------------------------------------



public function rpprotect () as boolean

static s as string, n as long, typewindow as long


on error resume next

err.clear


n = screen.application.currentobjecttype

if err> 0 then exit function ' just in case

s = screen.application.currentobjectname


' The type is not determined or the dialogue form

if n =-1 then exit function


' The type is determined

typewindow = n

n = syscmd (acsyscmdgetobjectstate, typewindow, s)

if n = 0 then goto truend ' the object is not open - a window of base


select case typewindow

case actable, acquery, acmacro, acmodule

goto truend ' access is always forbidden

case acform

s = screen.activeform.name

if err> 0 then goto truend ' the form in a window of a database

if forms (s) .currentview = 0 then goto truend ' the form in the designer

case acreport

s = screen.activereport.name

if err> 0 then goto truend ' the report in a window of a database

n = reports (s) .hasdata

if err> 0 then goto truend the report in the designer

end select

exit function


truend:

rpprotect = true

end function


--------------------------------------------------------------------------------




For ?-2000 function is more complex{difficult}.


Practice of application of watching{of keeping up} system shows, that the user quickly and well remembers what to do{make} it is not necessary. Also does not do{make}. Last remark. The system at all does not cancel use of the toolbars. They can be any.


All is said about protection against the curious user. And, we shall consider, she is made. A flank with gunpowder it is removed{cleaned}.

However we shall develop a situation further. In your firm there comes the new employee, and after a while asks you an explanation why you such in such module have written function so, instead of differently.

Having consulted with the surprise, you understand, that before you not the user, and, at least, the lamer (the beginning{starting} programmer). And he has removed{has taken off} your protection. Now before you there is a new problem{task}: