Standard Jet Db Password

4/22/2021
Due to recent discussions in the microsoft.public.access.security newsgroup, it has become apparent that some people do not properly understand how Jet implements the various levels of security features that it offers.

I won't be discussing Access-specific security features here (such as MDE file protection), nor will I be providing the actual significant implementation details of the security methods offered. I will simply explain in brief form how each method works, under the hood.
As you probably already know, there are three types of built-in security for Jet MDB databases. The most fundamental thing to understand is that all three of these security features can be bypassed very easily. There is no such thing as a secure MDB file unless you look at using your own techniques to enhance the protection (not discussed here). Now let's look at each of the built-in security options in brief detail.

Jet 3: The database password, when set, is stored as plain text in the MDB file header.

Jet 3 AND 4: The MDB file header itself is further obfuscated with an XOR pattern, although it's a constant XOR stream this time. (I describe these XOR encryption algorithms as obfuscation rather than encryption, given how simple they are.) When you open your MDB file, you are prompted for the password, and Jet can then easily decode the original password to check that it matches exactly the password that was entered.

When Jet encryption has been applied to an MDB file, the whole file (apart from the file header) is encrypted with the well-known RC4 algorithm, using a 32-bit encryption key. The encryption key is a random key that Jet generates when you choose to encrypt the file. The generated key is then stored in the file header (with the simple XOR obfuscation to try to avoid being easily detected).

User-level security (ULS) offers a relatively easy way to manage multiple users accessing your database and to configure/restrict access rights to certain parts of your file for those users. Under the hood, Jet uses a system table called MSysACEs in your main database file to identify which objects each user/group in your MDW workgroup file has access to (and what type of access they have). Jet enforces the restrictions at runtime by matching your user and group PIDs in the MSysACEs table.
If you use alternative software to open the file then you can gain full access to the data without worrying about ULS at all.

Now the slightly confusing part is that when you use the Access wizards to set up user-level security, Access also sets up Jet encryption for you at the same time. Some people assume that this makes the file more secure, but the truth is that since each of the three types of security is implemented entirely separately in Jet, the result is no better than each applied individually. One might wrongly assume that with both ULS and Jet encryption set, Jet no longer stores the encryption key in the file header and instead decodes the key when the user enters the correct password for their account. Given that each of the three types of security is easily bypassed individually, your file is no more secure when using a combination of ULS and Jet encryption.

In conclusion, there is no real security for an MDB file, since each of the security methods has been exploited for years. If you wish to learn how to actually implement these security features then consider buying the book Real World Microsoft Access Database Protection and Security by Garry Robinson.
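The key-handling point above, as an added example (not from the original article, and not Jet's actual header layout, XOR stream or key handling): a toy file format keeps a masked 32-bit RC4 key in its header, next to a contrasting design that stores only a salt and derives the key from a password. `MASK`, the 4-byte and 16-byte header layouts and all function names are constructed for illustration.

```python
import hashlib
import os

MASK = bytes.fromhex("a55a3cc3")  # constructed constant, not Jet's real XOR stream

def rc4(key, data):
    """RC4 as named in the article (kept to isolate key handling; not a recommended cipher)."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:  # keystream generation; encrypt and decrypt are the same operation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_stored_key(body):
    """Toy version of the design described: random 32-bit key, masked, kept in the header."""
    key = os.urandom(4)
    return xor(key, MASK) + rc4(key, body)

def open_stored_key(blob):
    """Takes no password: everything needed is in the file plus a fixed constant."""
    return rc4(xor(blob[:4], MASK), blob[4:])

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def seal_derived_key(body, password):
    """Contrast: the header holds only a salt; the key is never written to the file."""
    salt = os.urandom(16)
    return salt + rc4(derive(password, salt), body)

def open_derived_key(blob, password):
    """A wrong password yields garbage (this sketch has no integrity check)."""
    return rc4(derive(password, blob[:16]), blob[16:])

if __name__ == "__main__":
    rows = b"constructed sample rows"
    print(open_stored_key(seal_stored_key(rows)))  # recovered with no password at all
    print(open_derived_key(seal_derived_key(rows, "pw"), "guess") == rows)
```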