In some articles Steven Blackwell tell us the risk of using an opening script to perform some security in our databases, but what is best solution in other to perform the same procedure:

1. Using a startup layout without data, buttons or other things. This is showed in ISO Magazine. So if any user tries to cancel the open script it goes to nowhere.

2. Create a privilege just to see the startup layout and a button in startup layout to do all magic, change the user privilege to other and make the activation.

The vulnerability here is that it's a fairly trivial exercise to bypass the opening script and open the file. Obviously someone doing this must have some sort of credentials to open the file.

So if any user tries to cancel the open script it goes to nowhere.

Canceling the script isn't the threat vector here. So that really has no bearing on the situation. It's that the script never even runs if it's bypassed unless other steps have been taken.

Steven

Thanks Steven