Tải bản đầy đủ - 0 (trang)
Section 16.  Hide Sensitive Information

Section 16.  Hide Sensitive Information

Tải bản đầy đủ - 0trang

TheforminFigure2-13hastherecordsourcepropertysetto

theUSysClientstable.IntheTools Options Viewmenu,

you'llfindasettingfordisplayingsystemobjects,asshownin

Figure2-14.Notethatcheckingtodisplaysystemobjects

makesUSystablesvisible.

Figure2-15showsallthesystemobjectsintheirglory.The

USystablesarethere,aswellastheMSystables[Hack#15].



Theprefixisn'tcase-sensitive.YoucanuseUSYS,USys,usys,andso

on;theyallworktodifferentiateatable.



2.5.1.AnAlternative

Anotherwaytohideobjectsinyourdatabaseistoright-clicka

databaseobject,whichthendisplaysamenuthatincludesa

Propertiesoption.SelectingthisdisplaysaPropertiesdialog,as

showninFigure2-16.CheckingtheHiddencheckboxhidesthe

object.



Figure2-14.SelectingtodisplayUSys-prefixed

tables



Figure2-15.DisplayingallUSysandMSystables



Todisplayhiddenobjects,simplycheck"Hiddenobjects"inthe

ShowsectionoftheOptionsdialogbox,asshownpreviouslyin

Figure2-14.Butnotethatbetweenprefixingobjectnameswith

USysandsettingthehiddenattribute,you'vegotenough

capabilitytobealittlesmartandalittledangerous.Just

becauseyoucan'tseeobjectsdoesn'tmeantheyaren'tthere!



Figure2-16.SettingtheHiddenattribute



2.5.2.HackingtheHack

Althoughthishackshowedyouhowtohidetablesand,

therefore,avoidgivingusersaccesstorawdata,youcanhide

otherdatabaseobjectsaswell.Justprefixthenamesof

queries,forms,reports,andsoon,withUSys,andthey

magicallydisappear.Or,setthehiddenattributeinthe

Propertiesdialog.Ithelpstowritedownthenamesfirst!

AreallycooltrickistousetheUSysprefix,ortosetthehidden

attribute,foralldatabaseobjects.Asaresult,anyoneviewing

thetabsinthedatabasewindowwillseeabsolutelynothing.By

settingtheStartupformtoaformprefixedwithUSys,youcan

gettheentireapplicationrunning.Aslongasyouarefully



awareofhowalltheobjectsarenamed,youcancreatea

completeapplicationwithoutasinglevisibleobjectinthe

databasewindowtabs.Ofcourse,theobjectsbecomevisible

whentheyareopened,butbytakingthecorrectmeasuresto

keepusersoutofyourdesignelements,youcandistributean

invisibledatabase.



Hack17.SimulateTableTriggers



IncorporatethesamefunctionalityasSQLServeror

OracleinyourAccessapplication.

Access2003andearlierversionsdon'tsupporttableevents.A

triggerisatableeventthatyoucanfireonaninsert,anedit,or

adeleteactionavaluablefunction.Ausefulexampleistocatch

aneditbeforeitcompletesandtostoretheoriginaldatathatis,

storetheoriginalrecordsomewhereelse,suchasinabackup

table.Thisleavesyouwithadataaudittrail.Ifforsomereason

theediteddataisproblematic,youcanrecalltheoriginaldata.

Thislogicappliestodeletesaswell.Usingtriggers,youcan

hookintoadeleteandarchivethedatainsteadofjust

discardingit.Inthecaseofinserts(suchasnewrecordsbeing

addedtoatable),datacanbevalidatedbeforebeingallowed

intothetable.

Unfortunately,Accessdoesn'tletyoudoanyofthisdirectly

fromthepointofviewofthetableitself.Butyoucandoallof

thiswhenworkingthroughforms.Formshaveplentyofevents

tohookinto,andyoucanhandlesimilarfunctionalityas

traditionaltriggersbyworkingthroughformsinsteadoftables.



2.6.1.SettingUpanAuditLog

Todemonstratehowallthisworks,let'saddanewtabletoa

databasetomirroranexistingdatatableandcreateanaudit

logofchangestothedatatable.We'lldothisbyusingtwo

additionalfields:onetostorethetypeofoperationandoneto

storeatimestamp.Figure2-17displaystwotables:thedata



table(tblClients)andatabletostorerecordsfromthefirst

tablejustpriortothembeingeditedordeleted

(tblClientsAuditLog).

Hereareacoupleofpointstoconsider:

Thelogtablecontainstwoadditionalfields:Actionand

Timestamp.

TheClientIDfieldistheprimarykeyinthedatatable,butit

ispurposelynotsetasaprimarykeyinthelogtable.This

isbecausethelogtablemightholdmultiplerecordsthat

pertaintothesameclient(andthereforethesame

ClientID).



2.6.2.CheckingOuttheFormEvents

Nowyoucanuseastandardformtoview,add,edit,anddelete

recordsfromthedatatable.Figure2-18showsatypicalform

basedonthetblClientstable.



Figure2-17.Usinganauditlogtabletostore

records



Figure2-18.Inserts,updates,anddeletes,done

withaform



Ofcourse,thereissomecodebehindthisform.Twoeventsare

tapped:theBeforeUpdateeventandtheDeleteevent.BeforeUpdate

handlesbothinsertsandupdates,andDeletehandlesdeletes.In

particular,whenaninsertismade,theBeforeUpdateevent

validatesthedata(i.e.,itcheckstoseeifthereisalastname).

Ifthevalidationfails,theCancelpropertyissettotrue,which

causestheeventtoabort.

Whenanupdate(anedit)ismade,therecordreceivingthe

changeiswrittentothelogtable,priortothechange.This

meanstheoriginaldataiskeptintact.Whenadeleteismade,

therecordthatistobedeletedisalsowrittentothelogtable,

priortothechange.



2.6.3.TheCode

Hereisthecodebehindtheform.TheActionfieldinthelog

tablereceivesoneoftwovalues:UpdateorDelete.Thetwoevent



routinesuseacommonfunction(build_sql):

PrivateSubForm_BeforeUpdate(CancelAsInteger)

OnErrorGoToerr_end

DimssqlAsString

DimconnAsADODB.Connection

Setconn=CurrentProject.Connection

IfNewRecord=FalseThen

ssql=build_sql(ClientID,"Update")

conn.Executessql

conn.Close

Setconn=Nothing

Else

IfIsNull(ClientLastName)OrClientLastName=""Then

MsgBox"Mustprovidename"

Cancel=True

EndIf



EndIf

ExitSub

err_end:

MsgBoxErr.Description

EndSub

PrivateSubForm_Delete(CancelAsInteger)

OnErrorGoToerr_end

DimssqlAsString

DimconnAsADODB.Connection

Setconn=CurrentProject.Connection

ssql=build_sql(ClientID,"Delete")

conn.Executessql

ExitSub

err_end:

MsgBoxErr.Description

EndSub



Functionbuild_sql(client_idAsLong,operationAsString)A

build_sql="InsertIntotblClientsAuditLogValues("



build_sql=build_sql&ClientID&","

build_sql=build_sql&"'"&_

DLookup("ClientFirstName","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientLastName","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientAddress1","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientState","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientCity","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientZip","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&_

DLookup("ClientPhone","tblClients","ClientID="&_

client_id)&"',"

build_sql=build_sql&"'"&operation&"',"

build_sql=build_sql&"#"&Now()&"#)"

EndFunction



2.6.4.RunningtheCode

Thecoderunswheninserts,updates,anddeletesaremade

usingtheform.Noparticularadditionalaction,suchasclicking

abutton,isrequired.Thelogtablefillsupwithrecordsasusers

dotheirthing.Thelogtablekeepstrackofallthechangesand

evenstoresmultiplechangesperclient.Thebuild_sqlfunction



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Section 16.  Hide Sensitive Information

Tải bản đầy đủ ngay(0 tr)

×