By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,567 Members | 1,056 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,567 IT Pros & Developers. It's quick & easy.

Password Protect

P: n/a
Why Password protect an MDB when someone can google and get a hack?

Wondering if anyone else has thought of this and just said "oh well"...

I plan to password protect an MDB where I have some system/program variables
and data.

But looking in google, there are plenty of programs a user can download to
hack and crack that password.

So Im assuming... let the hacks and cracks be, do the MDB and if someone
really wants to see some system
varables ( such as last 10 logins ) and things like that...let them.

I havn't read up on encryption yet and seen if that can be reversed as well.

Just wondering for some simple ideas what others have done. At some point
it doesnt become worth my time
to lock it down, time wasted could be better spent somewhere else.

Thanks,

Miro
Jun 20 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hello, Miro,

You need to first consider the reasons that you need protection and the
threats/consequences that you face. Then decide the level of security
to apply.

There can be many different reasons you might have for choosing to apply
security. For example:

- protecting the maintainability of the data or application. (I.e.
preventing casual or inadvertent changes.)

- protecting the intellectual property represented by the application
itself.

- protecting highly sensitive or classified information.

No security should be considered absolute. Typically, the level of
protection needs to be considered in relation to the value of the asset
being protected. (As you said "At some point it doesnt become worth my
time".) Security is probably good enough if unauthorized access to the
asset is not worth the trouble.

The level of protection should also be considered in relation to all of
the other "technologies" that give access to the asset. For example,
there is little point protecting a data source with retinal scanners if
printouts of the protected data can be obtained from the trash bin in
the alley, or if the information can be obtained by phoning someone in
the organization. (Information security is first and foremost a
"people" issue. Without the understanding and support of the people who
work with the information, any "technological" protection will be of
little value.)

After you have determined the level of security required, then you can
think about what technology (and corporate culture) is required to
support it. It may be that no protection is required. Or perhaps a
password protected Access DB on the internet is good enough. Or it may
be that you need something much stronger, on an isolated network in an
electronically impervious environment.

In the case of your MDB, I guess that security was not one of the design
considerations. That may be an indication that the value of the asset
is small (in which case the need for protection will also be small) but
I would advise confirming this with the "owners" of the asset.

Cheers,
Randy
Miro wrote:
Why Password protect an MDB when someone can google and get a hack?

Wondering if anyone else has thought of this and just said "oh well"...

I plan to password protect an MDB where I have some system/program variables
and data.

But looking in google, there are plenty of programs a user can download to
hack and crack that password.

So Im assuming... let the hacks and cracks be, do the MDB and if someone
really wants to see some system
varables ( such as last 10 logins ) and things like that...let them.

I havn't read up on encryption yet and seen if that can be reversed as well.

Just wondering for some simple ideas what others have done. At some point
it doesnt become worth my time
to lock it down, time wasted could be better spent somewhere else.

Thanks,

Miro

Jun 21 '06 #2

P: n/a
On Tue, 20 Jun 2006 16:37:56 -0400, "Miro" <mi******@golden.net> wrote:

Why Password protect an MDB when someone can google and get a hack?

Wondering if anyone else has thought of this and just said "oh well"...

I plan to password protect an MDB where I have some system/program variables
and data.

But looking in google, there are plenty of programs a user can download to
hack and crack that password.

So Im assuming... let the hacks and cracks be, do the MDB and if someone
really wants to see some system
varables ( such as last 10 logins ) and things like that...let them.

I havn't read up on encryption yet and seen if that can be reversed as well.

Just wondering for some simple ideas what others have done. At some point
it doesnt become worth my time
to lock it down, time wasted could be better spent somewhere else.

If you really want to prevent someone from seeing the data in an Access database then I would
encrypt it. There are plenty of encryption routines to choose from that will discourage just about
anyone other than a diehard hacker, and even a diehard hacker won't waste his time unless the data
is extremely sensitive.

You can use a database password as well and that will keep most folks out. User-level security
offers an improvement but it's a bit more complicated to implement. But neither of these measures
should be the only line of defense if you're really concerned about your data becoming public.
Paul
~~~~
Microsoft MVP (Visual Basic)
Jun 21 '06 #3

P: n/a
Yes it was more for a learning thing.

Im still learning Vb.net... so i write something...and then try to break it
any way i can.
Lately ive been playing with mdb files, and stumbled upon this.

I considered encryption but again... you are right...the data isnt sensitive
enough that I will be storing there.
I just like to keep some things out of reach of users. :)

Most of us have tried to hack a saved game or something to increase lifespan
or lives or something.
Same idea i was fiddling with. Not a big issue... just wondering more than
anything - or if i was missing something in
a db setup.

Thanks,

Miro

"Paul Clement" <Us***********************@swspectrum.com> wrote in message
news:ud********************************@4ax.com...
On Tue, 20 Jun 2006 16:37:56 -0400, "Miro" <mi******@golden.net> wrote:

Why Password protect an MDB when someone can google and get a hack?

Wondering if anyone else has thought of this and just said "oh well"...

I plan to password protect an MDB where I have some system/program
variables
and data.

But looking in google, there are plenty of programs a user can download
to
hack and crack that password.

So Im assuming... let the hacks and cracks be, do the MDB and if someone
really wants to see some system
varables ( such as last 10 logins ) and things like that...let them.

I havn't read up on encryption yet and seen if that can be reversed as
well.

Just wondering for some simple ideas what others have done. At some
point
it doesnt become worth my time
to lock it down, time wasted could be better spent somewhere else.

If you really want to prevent someone from seeing the data in an Access
database then I would
encrypt it. There are plenty of encryption routines to choose from that
will discourage just about
anyone other than a diehard hacker, and even a diehard hacker won't waste
his time unless the data
is extremely sensitive.

You can use a database password as well and that will keep most folks out.
User-level security
offers an improvement but it's a bit more complicated to implement. But
neither of these measures
should be the only line of defense if you're really concerned about your
data becoming public.
Paul
~~~~
Microsoft MVP (Visual Basic)

Jun 22 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.