How _really_ secure is Access DB...

  • Thread starter Thread starter Predrag
  • Start date Start date
P

Predrag

I'm considering deploying Access DB as dataholder for data on user machines.
Of course I'm locking database with database password but I'm curious on
just how secure is that and what are the odds for someone to crack database
password. Are there tools for doing so in hack community? Or is there some
exploit?

I'm using Access 2000 but am willing to switch to newer (XP or 2003) if that
helps.

Thanks in advance to anyone who responds...
 
Predrag said:
I'm considering deploying Access DB as dataholder for data on user machines.
Of course I'm locking database with database password but I'm curious on
just how secure is that and what are the odds for someone to crack database
password. Are there tools for doing so in hack community? Or is there some
exploit?

I'm using Access 2000 but am willing to switch to newer (XP or 2003) if that
helps.

Thanks in advance to anyone who responds...
Click to expand...

The best you can do is User Level security. That would require a determined
person to spend a nominal amount of dollars for tools that could crack in. The
file level password is so easy to crack that it's completely useless.

If you really need security *from your users* then your data should not be in an
MDB file.
 
If you really need security *from your users* then your data should not be
in an
MDB file.
Click to expand...

Rick,
Actually, users can be some of the most curious people on the planet. They
are not necessarily malicious, but can be curious about things they don't
need to know -- such as employee information. Implementing some type of
security on a .mdb file is essential to keep the idle curious from venturing
into places they ought not to be.
 
Lynn Trapp said:
be
in an

Rick,
Actually, users can be some of the most curious people on the planet. They
are not necessarily malicious, but can be curious about things they don't
need to know -- such as employee information. Implementing some type of
security on a .mdb file is essential to keep the idle curious from venturing
into places they ought not to be.
Click to expand...

That is exactly what I meant. To secure data in an MDB from non-users you
simply store it in a place that only users have access to. To secure some
of the data from *users* you can use obfuscation techniques and User Level
Security to erect barriers for the "idly curious". However; if you want
more than barriers and/or you want protection from more than idle
curiosity, then the data belongs in something that is more securable than
an MDB file is capable of.
 
Back
Top