|
web
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Password ProtectWondering if anyone else has thought of this and just said "oh well"... I plan to password protect an MDB where I have some system/program variables and data. But looking in google, there are plenty of programs a user can download to hack and crack that password. So Im assuming... let the hacks and cracks be, do the MDB and if someone really wants to see some system varables ( such as last 10 logins ) and things like that...let them. I havn't read up on encryption yet and seen if that can be reversed as well. Just wondering for some simple ideas what others have done. At some point it doesnt become worth my time to lock it down, time wasted could be better spent somewhere else. Thanks, Miro Hello, Miro,
You need to first consider the reasons that you need protection and the threats/consequences that you face. Then decide the level of security to apply. There can be many different reasons you might have for choosing to apply security. For example: - protecting the maintainability of the data or application. (I.e. preventing casual or inadvertent changes.) - protecting the intellectual property represented by the application itself. - protecting highly sensitive or classified information. No security should be considered absolute. Typically, the level of protection needs to be considered in relation to the value of the asset being protected. (As you said "At some point it doesnt become worth my time".) Security is probably good enough if unauthorized access to the asset is not worth the trouble. The level of protection should also be considered in relation to all of the other "technologies" that give access to the asset. For example, there is little point protecting a data source with retinal scanners if printouts of the protected data can be obtained from the trash bin in the alley, or if the information can be obtained by phoning someone in the organization. (Information security is first and foremost a "people" issue. Without the understanding and support of the people who work with the information, any "technological" protection will be of little value.) After you have determined the level of security required, then you can think about what technology (and corporate culture) is required to support it. It may be that no protection is required. Or perhaps a password protected Access DB on the internet is good enough. Or it may be that you need something much stronger, on an isolated network in an electronically impervious environment. In the case of your MDB, I guess that security was not one of the design considerations. That may be an indication that the value of the asset is small (in which case the need for protection will also be small) but I would advise confirming this with the "owners" of the asset. Cheers, Randy Miro wrote: Show quoteHide quote > Why Password protect an MDB when someone can google and get a hack? > > Wondering if anyone else has thought of this and just said "oh well"... > > I plan to password protect an MDB where I have some system/program variables > and data. > > But looking in google, there are plenty of programs a user can download to > hack and crack that password. > > So Im assuming... let the hacks and cracks be, do the MDB and if someone > really wants to see some system > varables ( such as last 10 logins ) and things like that...let them. > > I havn't read up on encryption yet and seen if that can be reversed as well. > > Just wondering for some simple ideas what others have done. At some point > it doesnt become worth my time > to lock it down, time wasted could be better spent somewhere else. > > Thanks, > > Miro > > On Tue, 20 Jun 2006 16:37:56 -0400, "Miro" <miron***@golden.net> wrote: ¤ Why Password protect an MDB when someone can google and get a hack?¤ ¤ Wondering if anyone else has thought of this and just said "oh well"... ¤ ¤ I plan to password protect an MDB where I have some system/program variables ¤ and data. ¤ ¤ But looking in google, there are plenty of programs a user can download to ¤ hack and crack that password. ¤ ¤ So Im assuming... let the hacks and cracks be, do the MDB and if someone ¤ really wants to see some system ¤ varables ( such as last 10 logins ) and things like that...let them. ¤ ¤ I havn't read up on encryption yet and seen if that can be reversed as well. ¤ ¤ Just wondering for some simple ideas what others have done. At some point ¤ it doesnt become worth my time ¤ to lock it down, time wasted could be better spent somewhere else. If you really want to prevent someone from seeing the data in an Access database then I would encrypt it. There are plenty of encryption routines to choose from that will discourage just about anyone other than a diehard hacker, and even a diehard hacker won't waste his time unless the data is extremely sensitive. You can use a database password as well and that will keep most folks out. User-level security offers an improvement but it's a bit more complicated to implement. But neither of these measures should be the only line of defense if you're really concerned about your data becoming public. Paul ~~~~ Microsoft MVP (Visual Basic) Yes it was more for a learning thing.
Im still learning Vb.net... so i write something...and then try to break it any way i can. Lately ive been playing with mdb files, and stumbled upon this. I considered encryption but again... you are right...the data isnt sensitive enough that I will be storing there. I just like to keep some things out of reach of users. :) Most of us have tried to hack a saved game or something to increase lifespan or lives or something. Same idea i was fiddling with. Not a big issue... just wondering more than anything - or if i was missing something in a db setup. Thanks, Miro Show quoteHide quote "Paul Clement" <UseAdddressAtEndofMess***@swspectrum.com> wrote in message news:udii92p1q7fgrl64heg2cdpnm3g9kpt9sg@4ax.com... > On Tue, 20 Jun 2006 16:37:56 -0400, "Miro" <miron***@golden.net> wrote: > > ¤ Why Password protect an MDB when someone can google and get a hack? > ¤ > ¤ Wondering if anyone else has thought of this and just said "oh well"... > ¤ > ¤ I plan to password protect an MDB where I have some system/program > variables > ¤ and data. > ¤ > ¤ But looking in google, there are plenty of programs a user can download > to > ¤ hack and crack that password. > ¤ > ¤ So Im assuming... let the hacks and cracks be, do the MDB and if someone > ¤ really wants to see some system > ¤ varables ( such as last 10 logins ) and things like that...let them. > ¤ > ¤ I havn't read up on encryption yet and seen if that can be reversed as > well. > ¤ > ¤ Just wondering for some simple ideas what others have done. At some > point > ¤ it doesnt become worth my time > ¤ to lock it down, time wasted could be better spent somewhere else. > > If you really want to prevent someone from seeing the data in an Access > database then I would > encrypt it. There are plenty of encryption routines to choose from that > will discourage just about > anyone other than a diehard hacker, and even a diehard hacker won't waste > his time unless the data > is extremely sensitive. > > You can use a database password as well and that will keep most folks out. > User-level security > offers an improvement but it's a bit more complicated to implement. But > neither of these measures > should be the only line of defense if you're really concerned about your > data becoming public. > > > Paul > ~~~~ > Microsoft MVP (Visual Basic) 
Other interesting topics
Write to an XML file using data from an SQLserver table
Master Page Template DataBinding with Unbound Columns and calling EndCurrentEdit ListBox Problem Limit ComboBox entry to ipaddress format XML WebSvc Proxy Code Syntax Questions firing a dts package's execution How To Show Partial Classes as a Hierarchy in Solution Explorer? Passing a parameter Collection Using .NET user controls into VB6 |
|||||||||||||||||||||||
