Hi, TC.
To be honest, anyone with a deep understanding of Access security *is* a
hacker. That's how the majority of us got that deep understanding. The
word "hacker" has a connotation of maliciousness, but not all "hackers" are
malicious. For some, it's a very necessary skill.
At my company, we specialize in database disaster recovery and database
application "fix-its." In our business, having a deep understanding of
Access security allows us to quickly unlock valuable data for clients that
have lost the ability to access that data, and this knowledge also enables
us to advise our clients on how to effectively secure that data.
Clients may not know the user ID's or passwords, or even where the
appropriate files are stored on their servers. We've had to come up with
solutions anyway, because our clients expect us to be the experts. We've
experimented with the security and built tools to automate the recovery
processes. Anyone who has done this same experimentation and built similar
tools will know the vulnerabilities and how to overcome them to get at the
data, as well as how to prevent malicious hackers from taking advantage of
these vulnerabililities.
Joan Wild knows these vulnerabilities and the consequences of not taking
these vulnerabilities into account. So does Tom Wickerath. Anyone else who
read Joan's statement about the DDL parameter in disabling the
AllowBypassKey Property and knows these vulnerabilities understands
precisely why she made this statement.
You have the tools. Go experiment, and you'll find out why Joan made the
statement -- as well as the additional statements she's about to make after
she reads your posts. Just don't advertise the results of your experiments
to the malicious hackers reading the News Groups, please. I'd rather not
give them more clues than are already available.
Aha! On rereading your post, I now understand your tone.
My tone is one of amusement after reading your post to Joan, nothing more.
I'm not accusatory, if that's what you're thinking. I'm just a guide to
help you take another step in the learning process.
Before you make a fool of yourself
Oh, stop! I don't need anyone holding me back. I've had quite a bit of
practice, and I'm quite good at it, as my family and friends will quickly
attest to.
perhaps you'd better read my other posts
in this & other newsgroups regarding Access security.
I have. That's how I know you've advised others to download and read the
SecFAQ. You wouldn't have advised others to do something that you,
yourself, haven't already done. Access security has come up in discussions
before, and you've been a knowledgeable participant.
But this does not prevent me arguing about technical issues (pertaining to
security), when I feel that I have something to say.
Not only do you have the freedom of speech, you have the freedom to teach
others what you have learned. I'm merely asking you to use some amount of
restraint when a new revelation strikes you, because you are about to find
out something you didn't know. Congratulations. Not all of us are lucky
enough to make new discoveries about something we are passionate about, as
you obviously are about Access.
HTH.
Gunny
See
http://www.QBuilt.com for all your database needs.
See
http://www.Access.QBuilt.com for Microsoft Access tips.
