security of Access database

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a Access 2000 database (mdb) created with Access
2002. The database is passcoded and encrypted using
Access. I access it from various versions of Word (97
through XP) using ADO in a user application.

How secure is the data in the database? Can it be hacked
with some routine readily available? If so, how do I
secure the data.

Thanks

Paul
 
How long is a piece of string?

If your data is of little real value to anyone else, and the users are
relatively unsophisticated, put a database password on it, & Bob's
your uncle.

Conversely, if your data is of high value &/or confidentiality, & it
would be a disaster if someone could hack into it - choose some other
database product!

HTH,
TC
 
While I appreciate your comments, I still need guidance.
The data has value. Otherwise, why would I ask the
question? The commercial value might be 20 to 40k.

The database product must be compatible with Office which
is probably not a problem, but must also be license free
to the users. I can't ask the users to purchase a
license for Oracle or some database product. My product
retails for about $40. Any database license fee would
kill the deal.

With that in mind, any suggestions? Does anyone have an
addon that increases security? Is there some trickery
that I can use to obfiscate the data?

Thanks
 
Well, this is a simplified version of what I said to someone else who
asked whether Access was suitable for storing confidential medical
data. Perhaps this will help.

"I doubt that it would be satisfactory for storing confidential
medical data.

(1) The database password is easily cracked using code that is
available all over the web.

(2) User level security is better, but there is at least one utility
which will retrieve & display the usernames, passwords and PIDs from
any workgroup file, thus allowing anyone to impersonate the users
defined within that file.

(3) It is also possible to completely desecure an encrypted, secured
database, *without* a workgroup file. But the knowledge & code
required to do this is not, to my knowledge, generally available.

(4) Since Access & Jet both run on the PC (not the server), it is
always possible for a suitably skilled user to patch the codefiles, &
remove or bypass any & all security checks. For example, there is at
least one product on the web, that causes Access to accept *anything*
for the username & password."

So, if all of that is intolerable for your application, you won't be
able to use Access. But that is a judgement call for you to make. On
the basis of what you've told us so far, no-one else can really make
that judgement for you.

HTH,
TC
 
Back
Top