bri189a Posted February 6, 2004 Posted February 6, 2004 (edited) Somebody with notepad could corrupt any file... nothing new there... heck while they're fishing around on the server opening files with notepad deleting away, why don't they just open up the EXE or DLL's and those MDF files TOO in NotePad and delete away... and since most people don't have sercuity set up properly on their servers and have Everyone set on Everything they can open System32 and any other critical folder on the server and start deleting away, remote open the registry and start deleting away, and then a crumby Access database being corrupted will be the least of his problems. So let's demonstrate the Access security I was speaking of. The administrator has to set up the program... he has to set up the database path. That path is saved in an encrypted key store. That path is absolute on the server so that a person couldn't just walk down the directories looking for it - i.e. that file has the permissions, but the folder above it and above them don't, they'd have to know the absolute path and file name, the file isn't shared. The user cannot know this information because it isn't shared, the file just has permissions, so the only way to access that file through Notepad is to type \\ServerName\DriveLetter$\FolderPath\SubFolederPath\..\ExactNamedDB.mdb simply opening Explorer and looking at the Shares on the server won't result in anything because it's not a share. Now if our 'hacker' has went to this much trouble... why would he even bother with a crumby Access DB, he'd have much bigger cake to eat at that point. Geesh.... Edited February 6, 2004 by bri189a Quote
*Gurus* Derek Stone Posted February 6, 2004 *Gurus* Posted February 6, 2004 Microsoft SQL Server, Oracle, MySQL, and numerous other RDMS work very differently than a Microsoft Access database. You do not need to compromise a server's security when using one of the database servers listed above. One can not say the same thing about a file-based database, such as Access. When statistics show that the majority of security problems arise from company employees, not external sources, one might not look at things with the same opinion as you do. Something to think about. Quote Posting Guidelines
bri189a Posted February 6, 2004 Posted February 6, 2004 I agree whole-heartedly with that... it's like 90% are employee based or some outrageous number like that, as I said a few posts ago, the whole point was to let him know the options are there, how he uses it, and if he's concerned about security, that's his call, but he doesn't have to spend thousands of dollars for an application that doesn't require that level of security or that level of control...agree?, as I said a few post ago, if I was worried about security I'd use something else. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.