Re: creating "semi-admin" user group
From: TC (aatcbbtccctc_at_yahoo.com)
Date: 02/02/05
- Next message: TC: "Re: creating "semi-admin" user group"
- Previous message: Jack MacDonald: "Re: Neophyte question about workgroups"
- In reply to: Jeff Conrad: "Re: creating "semi-admin" user group"
- Next in thread: Justin To via AccessMonster.com: "Re: creating "semi-admin" user group"
- Reply: Justin To via AccessMonster.com: "Re: creating "semi-admin" user group"
- Reply: Jeff Conrad: "Re: creating "semi-admin" user group"
- Messages sorted by: [ date ] [ thread ]
Date: 1 Feb 2005 22:44:15 -0800
Jeff, I used to think that constructing the password at runtime (eg. by
appending CHR()'s) was enough to hide it from an ascii scan of the MDE
file.
However, I now know that that is not the case! :-((
As you probably know already, Jet usually does not "zero out" unused
data space within an MDB *or MDE* file. Thus, an MDB or MDE file can
potentially contain whatever was left-around in memory at the time you
saved that file.
I have seen an MDE that contained, *in plain text form*, part of the
compiled source-code of a confidential registration module within that
MDE! I believe this occurred for the reason stated above. The
structured-storage stream containing the source-code was doubtless
discarded from the MDE, by Jet. But some of the data contained within
that stream was still in RAM, and was swept up, unintentionally, &
included in an unallocated buffer or page within the MDE!
Clearly, the chance of this occurring in any particular case, is highly
dependent on unpredictable factors; but it certainly can occur.
I've suggested to the OP an alternative method that he could use if he
reeeely reeeely reeeely had to worry about that level of detail. But I
concur with you that there comes a point where Access's security may
not be suitable for the task at hand.
Cheers,
TC
Jeff Conrad wrote:
> Hi Justin,
>
> If you are distributing MDE files (which you probably should be),
> then your password information would be pretty darn secure.
> If you are concerned about hackers or something then you really
> should not even be using Access at all! A file-based system is not
> as secure as a server-based system.
>
> However, another alternative was discussed between TC and myself.
> Re-read the thread again and especially the stuff near the bottom. TC
> suggested a way to "hide" the Password and User Name from prying
eyes:
>
> http://tinyurl.com/4yo26
>
> --
> Jeff Conrad
> Access Junkie
> Bend, Oregon
>
> "Justin To via AccessMonster.com" <forum@AccessMonster.com> wrote in
message
> news:313859cf46484527a721b4cd813d8369@AccessMonster.com...
> > hey guys, sorry to bother you again. but my boss didnt like the
idea of
> > hardcoding the password...is there another possible solutions?
> >
> > Thanks!
> > Justin
> >
> > --
> > Message posted via http://www.accessmonster.com
- Next message: TC: "Re: creating "semi-admin" user group"
- Previous message: Jack MacDonald: "Re: Neophyte question about workgroups"
- In reply to: Jeff Conrad: "Re: creating "semi-admin" user group"
- Next in thread: Justin To via AccessMonster.com: "Re: creating "semi-admin" user group"
- Reply: Justin To via AccessMonster.com: "Re: creating "semi-admin" user group"
- Reply: Jeff Conrad: "Re: creating "semi-admin" user group"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
