F
flouw
I have an Access 2000 ADP linked to a SQL 2005 database. I have secured the
ADP so that a user is not able to access the database window, not able to
break into code, not able to automate the ADP etc.
The ADP connects with SSPI context to the SQL Server. Each domain user has
access to only ONE stored procedure in the database. It is an encrypted
procedure that returns a user name and an encrypted password. On startup, my
ADP executes the procedure which returns the user name and encrypted password
to the client.
On the client machine, I decrypt the password using super-secured custom
encryption logic. I then disconnect the ADP from the SQL Server and
reconnect using the user name and decrypted password. The user is a SQL user
with dbo rights on the database. In my connection string I am very careful
to set "Persist Security Info=False".
Once I have reconnected my ADP, I execute another procedure to read my
user's application security settings, and I build a custom toolbar for each
user with only the options (forms, reports) they are allowed to access.
So, all of this is quite tight. There is no way to break into code, no way
to interrupt the startup logic, no way to automate the ADP, no way to get the
encyption logic or encryption keys. At the same time, security setup on my
SQL Server is very simple. All I need to do is give each user access to ONE
stored procedure, which I do by adding the domain user to a group. Neat.
Just to be extra sure, I compile my ADP as an ADE before I distribute it to
my clients.
PROBLEM:
(1) Start the ADE, allow startup procedures to complete
(2) Start WinHex or similar memory analysis program to capture the RAM used
by the MSACCESS process
(3) Search memory for Unicode string "Password="
(4) Keep looking until you find a non-null value after the seach string
(5) Wonder why you spent all that time securing the password!
My first question is: why if I set the "Persist Security Info=False" option
do I still need to worry about what Access is doing in RAM with my ADO
connection string!
My second question is: does anyone have any suggestions on how to remove
this from the client machine's memory?
Thanks,
Francois
ADP so that a user is not able to access the database window, not able to
break into code, not able to automate the ADP etc.
The ADP connects with SSPI context to the SQL Server. Each domain user has
access to only ONE stored procedure in the database. It is an encrypted
procedure that returns a user name and an encrypted password. On startup, my
ADP executes the procedure which returns the user name and encrypted password
to the client.
On the client machine, I decrypt the password using super-secured custom
encryption logic. I then disconnect the ADP from the SQL Server and
reconnect using the user name and decrypted password. The user is a SQL user
with dbo rights on the database. In my connection string I am very careful
to set "Persist Security Info=False".
Once I have reconnected my ADP, I execute another procedure to read my
user's application security settings, and I build a custom toolbar for each
user with only the options (forms, reports) they are allowed to access.
So, all of this is quite tight. There is no way to break into code, no way
to interrupt the startup logic, no way to automate the ADP, no way to get the
encyption logic or encryption keys. At the same time, security setup on my
SQL Server is very simple. All I need to do is give each user access to ONE
stored procedure, which I do by adding the domain user to a group. Neat.
Just to be extra sure, I compile my ADP as an ADE before I distribute it to
my clients.
PROBLEM:
(1) Start the ADE, allow startup procedures to complete
(2) Start WinHex or similar memory analysis program to capture the RAM used
by the MSACCESS process
(3) Search memory for Unicode string "Password="
(4) Keep looking until you find a non-null value after the seach string
(5) Wonder why you spent all that time securing the password!
My first question is: why if I set the "Persist Security Info=False" option
do I still need to worry about what Access is doing in RAM with my ADO
connection string!
My second question is: does anyone have any suggestions on how to remove
this from the client machine's memory?
Thanks,
Francois