Will It Be Fixed?

[Guest]

Its fairly common knowledge that Access (and, for that matter, Office)
security can be compromised. Seems to me that this is something that could
easily be fixed by Microsoft (for example, in Access, with stronger
encryption of passwords in SYSTEM.MDW), yet they have ignored the issue for
years.

In this day of increased security focus, I'm wondering if Microsoft will
finally address this issue in Office 12.

Anyone have any advance insight on this?

 

[Jeff Conrad]

This may help:

http://blogs.msdn.com/access/archive/2005/10/19/482845.aspx

--
Jeff Conrad
Access Junkie - MVP
http://home.bendbroadband.com/conradsystems/accessjunkie.html
http://www.access.qbuilt.com/html/articles.html

in message:

 

[Guest]

Hmmm...interesting. But it still leaves the question up in the air.

It seems to say...."Yes, there will be better security", but doesn't fill in
the details. Still unanswered..."Will there still be User Level Security?".

This blog was back in October...anyone know of an updated status?

Thanks Jeff.

 

[Joan Wild]

Well I thought it was pretty clear. Quoting from the blog...
"ACE will no longer support the JET concept of user level security for new
file formats"

 

[Guest]

Ahh but just before that sentence it said "To help promote using truly secure
user-level security..."

and then

"We believe that the security work in Access 12 will both make the product
more secure through things like the improved encryption and clearer
user-level security"

Doesn't seem that clear to me!

 

[Lynn Trapp]

It also says, "To have multiple people use the database but with different
data access privileges, the recommended practice was to move this data to a
centralized service like SQL server or SharePoint lists." Thus, it appears
to me that Microsoft is moving the security model away from "Jet" (whatever
it ends up being called) to SQL Server and SharePoint. I don't think they
will be doing any improvements on the Jet security model, although it will
still be available for backward compatibility.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Access Junkie List:
http://home.bendbroadband.com/conradsystems/accessjunkie.html

 

[david epsom dot com dot au]

DoubleSpeak: "The ability to speak or write two or more contradictory ideas
without the speaker or writer being consciously aware of the contradiction."
(http://landru.i-link-2.net/monques/dblspk.html)


(david)

 

[Chris Mills]

Also, we (involving David) have previously discussed (in this ng) that SQL
Server will not *necessarily* secure better if there is an unsecure front end
(SQL Server *must* have some other front-end).

Just a reminder that it's a little more complex than merely saying
"abracadabraSQLserver"

Chris

 

[Chris Mills]

Further reading down David's posted URL

LOL!

 

[Chris Mills]

And would that be the same Jeff Conrad (MVP) replying, who directly ASSISTS in
the CRACKING of ULS via his WEB-SITE?