Using MsAccess in Combination with PHP and MySQL: security (1 Viewer)

O

orny

New member
Local time
Today, 18:38
Joined
Oct 18, 2023
Messages
10
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
 
Uncle Gizmo

Uncle Gizmo

Nifty Access Guy
Staff member
Local time
Today, 17:38
Joined
Jul 9, 2003
Messages
16,282
I don't see anything in your question I feel I could help you with, mainly because I just don't understand what you're doing. Seeing as you have yet to receive a reply, I reckon other people may have come to the same conclusion as myself...

I would suggest that you add some more information, a better description, some examples, anything really to grab people's attention and interest in your problem. That way you might get a useful response.
 
T

tvanstiphout

Active member
Local time
Today, 09:38
Joined
Jan 22, 2016
Messages
222
orny said:
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
Click to expand...
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question. I figure that may contribute to a lack of responses.
 
S

sonic8

AWF VIP
Local time
Today, 18:38
Joined
Oct 27, 2015
Messages
998
tvanstiphout said:
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question.
Click to expand...
I disagree. The authentication of the client (be it application or user) is also a client side issue.
 
You must log in or register to reply here.

Similar threads

O
Hello all, newby from Amsterdam here with an ACCDE security quest
2
Replies
25
Views
1,217
MsAccessNL
MsAccessNL
Isaac
Some good advice and thoughts about programming in general
Replies
7
Views
1,306
Pat Hartman
P
josephbupe
Fetching All Data From mySQL And Display It In A Data-grid
Replies
4
Views
7,000
josephbupe
josephbupe
C
Use text in Combobox for Mysql
Replies
1
Views
800
plog
P
wiklendt
possible to combine Ken Higg's FE version control WITH DCrake's shell extension code?
2 3
Replies
41
Views
6,208
wiklendt
wiklendt

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Top Bottom