"Donald Moore (MindRape)" wrote: > Microsoft Access 97 databases protected with a password are stored in > foreign mdb's table attachements as plaintext. Even if the above it's bad, at least is documented. >From Access97 help: ---- topic: About linking tables from a password-protected database To link a table from a Microsoft Access database that is password-protected, you must supply the correct password. If you supply the correct password, Microsoft Access stores the database password with the information that defines the link to the table. After the link has been defined, any user who can open the database that the table is linked to can open the linked table. When a user opens the linked table, Microsoft Access uses the stored password to open the database where the table is stored. If the password is changed for the database where the table is stored, the next time the linked table is opened, the new password must be supplied before Microsoft Access will open it. Microsoft Access stores the database password in an unencrypted form. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this will compromise the security of the password-protected database, you should not use a database password to protect the database. Instead, you should define user-level security to control access to sensitive data in that database. For more information on user-level security, click >> ------ Some good news: Passwords for linked tables pointing to an ODBC datasource are not stored in database (at least not in plaintext) in the default config. The password can be stored if you insist. (if you link manually, then there is a 'Save password checkbox') and there is the system table MSysConf. again from the help: == Use the MSysConf table with linked SQL databases If you are administering an SQL database that uses Microsoft Access as a front end, you can create a table in your SQL database named MSysConf to help you control communication between the two applications. The MSysConf table has two potential functions: 1. It can disable the feature that enables users to save the logon ID and password for a linked SQL database in the Microsoft Access front end. [snip] The data in the MSysConf table There are three valid records in the MSysConf table. The following table shows what values you should enter in the Config and nValue field. The other columns are reserved for future use, and their contents are ignored. Config nValue Meaning 101 0 Don't allow local storage of the logon ID and password in linked tables. 101 1 Allow local storage of the logon ID and password in linked tables. ====== this may give a workaround for the plaintext problem: don't link directly to the .mdb, but set-up an ODBC datasource and link to your tables via that datasource. the above may not work. i'm trying to do it for the last hour, and Access hangs after i select the ODBC DSN. Another issue: while looking ate mdb files in a text editor, i noticed that the files contain 'garbage' info also (random memory content, since it was info i typed minutes ago). 'compact database' didn't help. I can't tell much about this yet, but i remember this was an issue with Mac versions of MSOffice software Regards, Ervin
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:55 PDT