Hello, Miro,
You need to first consider the reasons that you need protection and the
threats/consequences that you face. Then decide the level of security
to apply.
There can be many different reasons you might have for choosing to apply
security. For example:
- protecting the maintainability of the data or application. (I.e.
preventing casual or inadvertent changes.)
- protecting the intellectual property represented by the application
itself.
- protecting highly sensitive or classified information.
No security should be considered absolute. Typically, the level of
protection needs to be considered in relation to the value of the asset
being protected. (As you said "At some point it doesnt become worth my
time".) Security is probably good enough if unauthorized access to the
asset is not worth the trouble.
The level of protection should also be considered in relation to all of
the other "technologi es" that give access to the asset. For example,
there is little point protecting a data source with retinal scanners if
printouts of the protected data can be obtained from the trash bin in
the alley, or if the information can be obtained by phoning someone in
the organization. (Information security is first and foremost a
"people" issue. Without the understanding and support of the people who
work with the information, any "technologi cal" protection will be of
little value.)
After you have determined the level of security required, then you can
think about what technology (and corporate culture) is required to
support it. It may be that no protection is required. Or perhaps a
password protected Access DB on the internet is good enough. Or it may
be that you need something much stronger, on an isolated network in an
electronically impervious environment.
In the case of your MDB, I guess that security was not one of the design
considerations. That may be an indication that the value of the asset
is small (in which case the need for protection will also be small) but
I would advise confirming this with the "owners" of the asset.
Cheers,
Randy
Miro wrote:
Why Password protect an MDB when someone can google and get a hack?
Wondering if anyone else has thought of this and just said "oh well"...
I plan to password protect an MDB where I have some system/program variables
and data.
But looking in google, there are plenty of programs a user can download to
hack and crack that password.
So Im assuming... let the hacks and cracks be, do the MDB and if someone
really wants to see some system
varables ( such as last 10 logins ) and things like that...let them.
I havn't read up on encryption yet and seen if that can be reversed as well.
Just wondering for some simple ideas what others have done. At some point
it doesnt become worth my time
to lock it down, time wasted could be better spent somewhere else.
Thanks,
Miro
