Access - Secure???

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

I am wondering if there is any way to "truly" make a db
secure? I have found many programs on the Net which can
easily crack a password protected db (including Access
2002 db's) and I am now finding some which even can go a
step further and hack the mdw file and give out usernames
and passwords - including those in the admins group :(
Is there really no such thing as security anymore? If so,
what can I do besides using the user level security which
I now use?
Thanks in advance.
Tom
 
Tom said:
I am wondering if there is any way to "truly" make a db
secure? I have found many programs on the Net which can
easily crack a password protected db (including Access
2002 db's) and I am now finding some which even can go a
step further and hack the mdw file and give out usernames
and passwords - including those in the admins group :(
Is there really no such thing as security anymore? If so,
what can I do besides using the user level security which
I now use?
Thanks in advance.
Tom

If you want security beyond properly implemented Access User Level security then
you need to use a different product for your database engine (a server based
DBMS like SQL Server or Oracle). Any file-based solution can be hacked if the
hacker is determined and/or skilled enough. The same could be said for
server-based products, but they at least raise the bar by an order of magnitude
by the simple fact that the data is not stored in a simple file that the hacker
can just copy onto his own system where he can plug away at his leisure to get
at it.
 
It is true that there are products to reverese engineer the usernames &
passwords from an MDW file. (Good one, Microsoft!) However, there are two
things you can do to minimize the impact of this.

(1) Convert your db to an MDE. This stops the users viewing or changing any
VBA code, under any circumstances, no matter what their permissions may be.

(2) Ensure that the MDW file that you distribute with your application, is
*not* the MDW file that was in effect when you created the database. Then,
the Admins group in your distribution MDW, does *not* have any
adminisrrative permissions on the databsase - so it does not really matter
if someone knows the username/password of someone in the distributed MDW's
Admins group.

HTH,
TC
 
Back
Top