Access security.

Access security.

Post by Terri-Lynn Torr » Fri, 03 May 1996 04:00:00




>When properly implemented (which rarely happens), Jet security is
>breakable only by knowledgeable, determined hackers.

Actually someone wrote and posted code to automatically exploit the
CopyObject flaw.  Still, not many people know about it.

>I'll still stand by my conclusion that Jet security is more often than not
>incorrectly applied. The nature of the traffic I see in the newsgroups
>indicates to me that the typical problems people are having are due to an
>improper implementation, not back-door holes in the system.

I didn't mean my post as any sort of flame.  Reading the Access
newsgroup every day, I absolutely agree with you.  "Anyone with Access
can open my database" ranks right up there with "Can I create a
completely secure .exe by using the ADT?"

--
Terri

 
 
 

Access security.

Post by Joe Garri » Mon, 06 May 1996 04:00:00


T(>Subject: Re: Access security.

>When properly implemented (which rarely happens), Jet security is
>breakable only by knowledgeable, determined hackers.

T(>Actually someone wrote and posted code to automatically exploit the
T(>CopyObject flaw.  Still, not many people know about it.

>I'll still stand by my conclusion that Jet security is more often than not
>incorrectly applied. The nature of the traffic I see in the newsgroups
>indicates to me that the typical problems people are having are due to
>improper implementation, not back-door holes in the system.

T(>I didn't mean my post as any sort of flame.  Reading the Access
T(>newsgroup every day, I absolutely agree with you.  "Anyone with Access
T(>can open my database" ranks right up there with "Can I create a
T(>completely secure .exe by using the ADT?"

I didn't take your post as a flame, but this subject seems to be so poorly
understood that I tend to go overboard a bit on it. I'll risk being
redundant to restate that anyone interested in securing an Access database
should get a copy of the security whitepaper. I'll also accept the
conclusion that if you need rock-solid security, Access is probably not
the best choice.

In my case, rock-solid security isn't necessary. I'm really only securing
my database to protect the users from their own errors and to restrict some
operations to only designated individuals. I don't think that any of the
people involved would be capable of exploiting the flaws in the system, or
would care to even if they could.

Joe

Never underestimate the power of a WAG.

 
 
 

1. MSDE Security Vs Access Security

We just upgraded an application from Access to MSDE.  In Access the
database used user-level security and was encrypted.  This database has
sensitive information that we do not want our competition to get their
hands on.

In Access they could not open the database unless they knew a valid
username and password.  However with SQL it appears to me that all
someone would have to do is attach the database file to MSDE or SQL
Server installation then view the databases using their administrator
account.  So, now that we have upgraded this to SQL Server and MSDE for
local users, how can I protect someone from getting the database files
(mdf & ldf) and attaching them to another SQL database then viewing the
data?

Or can I restrict all user access to the file, including administrators?

Thank you,

Brad W. Young

2. Newbie array question

3. Access Recovery / Remove Access Security

4. Table size and partitioning in EEE

5. Use dbase problem

6. Linked Server to MS Access security problem

7. Universal Data Cryptography Module V2.0

8. Access Security

9. MSSQL7&Access Security Problem

10. Access Security and VB4

11. Access Security

12. How to improve access security