• Security (V2000)

    #446338

    We have an Access database that is password protected. I’ve heard of the MS Access password vulnerabilities but wasn’t certain how true the stories were. Our IT Department is now discouraging us, forcing us to either revise or abandon a database we built because of security concerns, as someone on their team was able to hack into the database. Here is their position:

    -Threat
    The Allstate Reporting.mdb file contains report information as well as a users table for the reporting application. To protect the information in the file, Microsoft Access Password Protection is used.

    -Impact
    Using a free application from the Internet it is possible to decode the MS Access password and gain access to the users table in the mdb file. Using this information an Attacker can then leverage all data in the tables.

    -Solution
    MS Access password protection is extremely insecure and easy to crack and should never be used to protect information that is considered confidential. Stronger encryption should be used for sensitive information.

    ***What options do I have?
    Thanks!

    • #1084862

      My opinion:
      First, if not done already, split the db into a front-end (queries, forms, reports, modules) and back-end (data tables). Then, if possible, move the back-end to an instance of SQL Server by importing them into a database. If that is not quite possible, move it to SQL Server 2005 Express. On either server you can access your data (via ODBC or using ActiveX Data Objects [ADO]). This way you can use SQL Server’s security (as well as Windows) to answer and defeat all 3 of IT’s concerns.

      A very good starting point on Access security and very highly recommended is:
      WendellB’s The Secrets of security.

    • #1085032

      1) Split the database. Each user gets a copy of the frontend, the backend goes on the server. Mount it in a share on the server where the network permissions only allow the authorized people to see the file.

      2) Apply full User-Level Security to the backend — the simple password that you used is insufficient. See the website in my signature for links to several articles.

      1 & 2 are mandatory if you stay within the Access environment. If you find them to be insufficient (and they can be for some situations) and if you want “bulletproof” security, move the backend to an SQL server as already suggested.
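
The share-permission step from reply #1085032, as an added example that is not part of the thread: PowerShell that audits the NTFS ACL on the backend folder and then restricts it to one group. The UNC path and the group name CONTOSO\ReportingUsers are hypothetical; the group gets Modify rather than Read because Access creates and deletes a lock file (.ldb) next to the .mdb.

```powershell
# Added example. The path and the group name are hypothetical placeholders.
$BackendDir = '\\fileserver\AccessData\Reporting'   # folder holding the backend .mdb
$UserGroup  = 'CONTOSO\ReportingUsers'              # the only non-admin principal allowed
$Allowed    = @($UserGroup, 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$AllowedIdentities)
    # Every Allow entry whose principal is not on the allow-list, e.g. an
    # inherited "Everyone" or "Authenticated Users" grant from the parent share.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $AllowedIdentities -notcontains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

function Set-BackendAcl {
    param([string]$Path, [string]$Group)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent; $false discards the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries left over from earlier configuration.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $noProp  = [System.Security.AccessControl.PropagationFlags]::None
    $grants  = [ordered]@{
        'BUILTIN\Administrators' = 'FullControl'
        'NT AUTHORITY\SYSTEM'    = 'FullControl'
        $Group                   = 'Modify'   # needed for the .ldb lock file
    }
    foreach ($identity in $grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $identity, $grants[$identity], $inherit, $noProp, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# 1. Review who can currently reach the backend file.
Get-UnexpectedAccess -Path $BackendDir -AllowedIdentities $Allowed | Format-Table -AutoSize

# 2. After reviewing the output, restrict the folder (run as an administrator
#    who owns the folder), then repeat step 1; it should return nothing.
# Set-BackendAcl -Path $BackendDir -Group $UserGroup
```

Anyone in the allowed group can still copy the .mdb, so this narrows who can reach the file and does not replace the User-Level Security or SQL Server options discussed in the replies.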
