Access database security

  • Thread starter Thread starter PDO
  • Start date Start date
P

PDO

I have an Access 2000 database created with Access 2002
that is passcoded and encrypted.

Is it safe from hackers, or is there an easy crack
available on the internet. If so, what safeguards can I
use.

Thanks

Paul
 
PDO said:
I have an Access 2000 database created with Access 2002
that is passcoded and encrypted.

Is it safe from hackers, or is there an easy crack
available on the internet. If so, what safeguards can I
use.
Click to expand...

The basic file-level password is so trivially easy to crack that it's a
complete waste of time. Implementing Access User-Level security is much
more robust, but it can still be hacked if the hacker is in possession of
the hacking utilities that are available on the internet.

My understanding is that encrypting the file only protects the data from
being seen by a person opening the file in a simple hex editor or something
like Notepad. If the person can find a way to open the file with Access
then encrypting does nothing for you.

Long story short; if it *really* needs to be secure, Access/Jet is not the
file to keep it in.
 
PAUL:

One thing to keep in mind is that there is nothing that can not be cracked -
it is a matter of will and energy. The trick is to determine how much
effort you want the cracker to have to expend (where you figure they'll say
it isn't worth the effort).

Access MDB passwords will only stop the curious/casual user. It took no
time for me to find a small VB password cracking tool for Access when I had
to get into a table locked by a disgruntled user. By the way - that little
"toy" worked on 97, 2000 and 2002 - haven't tried 2003 yet - and before
anyone asks - NO - I won't give it out so please don't ask.

Encryption will prevent someone from using a text or hex editor to look at
the data in your MDB. They may not see the code or table layout but they
will see the credit card numbers and phone numbers in the tables if they
know how to look.

You can buy or create custom security and data level encryption routines
within your database - some people do. Again, it comes back to how
sensitive is your data? How much effort and how likely do you think it will
be that someone will want in.

One final thought. According to most industry security material that I have
read lately - the number one method of security breach is "social
engineering" in one form or another. Passwords shared with other users,
post-it notes under keyboards or even tacked on the wall next to the
computer!! or user passwords that are sesame street simple just to name a
few.

Hope this give you some perspective. Security is always a balancing act.
Even Fort Knox has its compromises.

Alan
 
Back
Top