[1192] in cryptography@c2.net mail archive
RE: Re: MS Access 'known database attack'
daemon@ATHENA.MIT.EDU (jay holovacs)
Wed Jul 9 22:24:40 1997
From: jay holovacs <holovacs@idt.net>
To: "Matthew James Gering" <mgering@ricochet.net>,
"'cryptography@c2.net'" <cryptography@c2.net>
Date: Wed, 9 Jul 1997 21:58 -0400
==========================
>From: "Matthew James Gering" <mgering@ricochet.net>
>To: "'cryptography@c2.net'" <cryptography@c2.net>
>MS Access has security turned off by default. If you can open a database
>w/o a password, and have full access to all the objects, then security was
>not implemented.
>
>You can implement security in Access by proper use of the system.mda. If
>the hacker does not have access to the original system.mda that the
>database was developed with, that is not to be distributed with the
>database, nor stored on a network -- then the hacker will not be able to
>gain such simple access.
>
There are two types of Access security. The system.mda strictly handles
users and groups for permission levels. It does *not* encrypt the .mdb file
(you can see a lot of interesting stuff with a hex editor).
You must explicitly encrypt the file with the encryption function to make the
mdb (relatively) unreadable.
Jay Holovacs