prevent password hack

R

revlisj

Registered User.
Local time
Today, 09:43
Joined
Jun 11, 2013
Messages
29
Hi All,

I'm using Access 2010 to develop applications containing sensitive data. I would like to properly secure the data. I've created several applications with a front end (accde) linked to a back end (accdb). The back end databases are password protected. But...from all that I've read online, there are plenty of free apps to crack the database password in a minute or two.

Apparently, MS Access stores the back end database password in the front end data base in a not so secure fashion.

Is there a way to prevent a database password from being hacked?

Cheers
 
if you are really concerned about data security, don't bother with an access back end - use sql server.

access 2007 and later uses a much higher level of encryption than 2003 and earlier. Earlier versions could be cracked in a few minutes, but later versions are significantly stronger - don't have any figures but days and weeks - any encryption can be hacked given enough time a resources.

you need to develop a security policy to determine what is required. protect what? from who? from doing what?

The weakness of access from a security perspective is a) many apps are developed without any consideration for security from the onset - it is not an add on but needs to be built in from the beginning and b) anyone can walk off with a copy of the back end - but if password protected and they don't have the time and resources, the data is pretty secure, but really, you don't want them to walk off with it in the first place (or delete it for that matter) - so that is windows security, not access. Hence suggesting using sql server.

You can provide all the protection you like, but if sales people can view on screen all the customers as a list (using datasheets is a good example), unless you have protected it from happening there is no reason why they can't simply highlight all the controls and copy and paste into excel. Or perhaps you haven't disabled the ability to take screenshots.

And don't forget backups are just as important for data protection, so that area needs to be protected as well.

Other things to take into account - have you protected the db from sql injection? - someone knowing what they are doing can delete all tables when they are supposed to be entering a customer name for example.

So assess the sensitivity, assess the risks, then develop and implement your policy.

Apparently, MS Access stores the back end database password in the front end data base in a not so secure fashion.
Click to expand...
true, but there are ways to obscure the password, but a sophisticated user will still be able to find it with enough time and resources

Is there a way to prevent a database password from being hacked?
Click to expand...
No - any password on any system (not just access) can be hacked in time. Best you can do is slow them down until the investment in time and resources does not make it worthwhile
 
You must log in or register to reply here.

Similar threads

The_Doc_Man
Important Security Guidelines
2
Replies
24
Views
706
The_Doc_Man
The_Doc_Man
D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
461
Isaac
Isaac
B
Advice Request : Simplest method to allow multi-site access to a prototype database
Replies
10
Views
382
Pat Hartman
P
Libre
How to distribute an Access app?
Replies
19
Views
986
Libre
Libre
Rythorian
Hey everyone, I'm Ryo from USA Maine
Replies
1
Views
124
Jon
Jon

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom