Using MsAccess in Combination with PHP and MySQL: security (1 Viewer)

orny

New member
Joined
Oct 18, 2023
Messages
10
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
 
I don't see anything in your question I feel I could help you with, mainly because I just don't understand what you're doing. Seeing as you have yet to receive a reply, I reckon other people may have come to the same conclusion as myself...

I would suggest that you add some more information, a better description, some examples, anything really to grab people's attention and interest in your problem. That way you might get a useful response.
 
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question. I figure that may contribute to a lack of responses.
 
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question.
I disagree. The authentication of the client (be it application or user) is also a client side issue.
 

Users who are viewing this thread

Top Bottom