Access network security

  • Thread starter Thread starter Troy Moyers
  • Start date Start date
T

Troy Moyers

I have an Access 2002 database where I store passwords.
It has come to my attention that remote queries to the
database can generate network traffic where the database
info can be viewed in plain text using a network packet
sniffer, therefore compromising the passwords.

Is there anything that can be done to encrypt the packets
so they are not viewable in plain text? Will the Encrypt
option in Access take care of this. I haven't been able
to find details on exactly what that option does.

Troy
 
Er, plaintext database >and user level< passwords are retrievable using
tools from the web. All the person needs to do, is grab a copy of your
database or workgroup info file, then run those tools. That is surely a
bigger worry than people sniffing data from over the wire?

Encryption/decryption is performed by the Jet database engine (the
underlying default database engine of MS Access). Jet runs locally, not on
the server (with the encrypted db). So, >DATA< being transmitted over the
wire, to or from the database, would certainly be encrypted. User level
passwords would not go over the wire >at all<, unless the workgroup file was
on the server, in which case, I'm not sure if they would go encrypted, or
not. Proper crypto hygeine would say that the encrypted password should come
down< the wire, to the client; but with MS crypto, who knows?

In summary, the availablity of pw cracking tools is IMO, a much bigger
concern than the visibilty of plaintext data on a network connection.

HTH,
TC
 
Back
Top