File README.TXT in ATT13.ZIP Archive


	Contents
		1 Actions Carried Out
		2 FATTR.DLL
		3 General Issues
		4 Security Issues
		5 Revision History
		6 Disclaimer		



ACTIONS CARRIED OUT
^^^^^^^^^^^^^^^^^^^
   The system will execute the following actions.
   	1. Check the JET engine version is 2.5 +
   	2.  a Check the the connect string on the first table which
              has a non-null connect string is valid.
	    b Check the current directory for the
	      filename in that connect string
   	3.  Refresh the attachments to the file name
	    obtained in step 1
	4.  If security is active, recreate permissions, copying
	     them from the remote tables.
  	5.   Check if the database needs to be compacted, if so, the user
	     is prompted as to whether they wish to compact + repair.
	     The compacting process has gone from quite lax to ultra cautious.
	     almost every check possible (file exists, file is .MDB, file
	     size) is made before overwriting the old file.

FATTR.DLL
^^^^^^^^^^^^^^^^^^^
   	For completeness, FATTR.DLL, the file functions DLL by Ken Getz is
   	included in the zip file that contained this database. The entire
   	FATTR.ZIP package, which contains the C++ source code, def file and
   	sample database is available in the MSACCESS forum, and was distributed
   	with the Jan95 copy of "Smart Access"


GENERAL ISSUES
^^^^^^^^^^^^^^^^^^^
	The form "fdlg_InitiateSystem" will crash Access rather a lot, when you
	are debugging it. Symptoms are that Access remains as it is, but appears
	to Windows as if it is not there. The only way to get out of this is to 
	exit Windows and restart. As far as I can determine, Access sends itself
	an enter_idle_state message when you start debugging, and it is not properly
	restored.
	Note that this will not affect things in normal operation.

	Originally there were 2 versions of the startup form, one commented, and one
   	with all comments / whitespace removed. This was to improve performance
   	as, according to the "Optimising your application" chapter, comments
   	take up memory, and Access needs as much memory as it can get. However it
   	is just as easy for you to do that after d/l, and it keeps the file size down.


SECURITY ISSUES
^^^^^^^^^^^^^^^^^^^
     - GENERAL -
	As-is, the security module is not inherently secure. Although it is in a 
	module object (as opposed to CBF), it is still plain to see if the 
	database is examined with a text editor. 
	Obviously encryption will solve this, but I would not recommend that for 
	two reasons.
	1) The performance drop of 10-15% is too large for my tastes.
	2) Some of the time it doesn't work anyway.
	   This is a bit controversial, but my backup is this;
	   If it is on disk then it can be looked at.
	   If it is encrypted then it can be decrypted.
	   All module code is stored in the MSysObjects table.
	   Most people don't remove read-data permissions from the MSysObjects 
	   table, so it's sheer simplicity to attach their MSysObjects, dump 
	   the modules into files and then look through the files for security
           related functions/constants.
	
     - SPOILERS YOU CAN ADD -
	Use numeric usernames and passwords for the security overlord. Then
	perform arithmetical operations on the password/username constants 
	to transform them into the real ones. This will add confusion to any
	prospective hacker, and make your password/username constants more 
	secure.
	Give the users a mechanism to change the overlord password, advise 
	them to do so regularly.
	Don't use names like ChangePassword for routines that do so, it's a
	dead give-away, also, be sure to strip out function descriptions 
	(e.g. parameter	data types and purposes etc.) for the same reason.
	Be aware that *any* JET operation (e.g. logging on to the system.mda 
	with the overlord password) can be monitored by programs such as 
	JetInspector(tm) by Blue Lagoon Software [blagoon@netcom.com] 
	/ [70152,1601] 	(NOTE: Jet Inspector does not show passwords by 
	default, you have to arrange it specially with Blue Lagoon)
	Never declare the overlord details as global, put them in one module
	and put all the functions that use them in that module.


REVISION HISTORY
^^^^^^^^^^^^^^^^^^^
       v1.3  15/Aug/95 (ATT13.ZIP lib 1 MSACCESS)
	   Moved most strings to a lookup table to ease internationalisation
       
       v1.25 24/Jul/95 (Not released to CIS)
           New compact system carries out more checks to reduce chance of
           deleting the users database.
           Added adjustable file size warning difference level for compacting
           routine.
           Added fatal error warning form.
	   Removed reliance on MSysObjects table (see security notes above)

       v1.2 Jun/95    (ATT.ZIP lib 1 MSACCESS, now deleted)
	   _ATT.EXE on Smart Access companion disk Aug95.
           Temp file drive bug, where problems occurred if the temp file was
           on a different drive was fixed by Peter Raper [100343,2011]
           Error in security module corrected.

       v1.1 Jun/95    (ATT.ZIP lib 1 MSACCESS, now deleted)
           Slightly smartened version uploaded to CIS after a number of
           persons requested copies.
       v1.0 ------
           Original version, built for attaching tables at runtime.

DISCLAIMER
^^^^^^^^^^^^^^^^^^^

      - RAW -
	I (Angus MacKenzie Wood) SHALL NOT BE HELD LIABLE FOR ANY DIRECT, 
	INDIRECT, CONSEQUENTIAL OR INCIDENTAL LOSS OR DAMAGE THAT MAY RESULT 
	FROM DOWNLOADING, STORING OR USING ANY OR ALL OF THIS SYSTEM, OR 
	SYSTEMS DERIVED FROM IT. FURTHERMORE, I SHALL NOT BE HELD LIABLE
	FOR ANY INACCURACY, OMISSION OR	FACTUAL INCORRECTNESS THAT APPEARS
	IN ANY DOCUMENTATION, WHETHER IN, OR ACCOMPANYING THIS SYSTEM.
     - COOKED -
	If it blows up and ruins your day/data/dog then I do care, but not 
	enough to let you sue me for it.

	Angus M Wood
    	Kingdom Software Consultants Ltd.
    	23 Blair Street
    	Edinburgh EH1 1QR
    	United Kingdom
    	Tel: +44 0131 220 4441
    	Fax: +44 0131 220 4442
    	CIS: 100545,720


	If you have any questions/comments/bug reports, feel free to mail me, my
	CIS ID is 100545,720

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^