Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Access 97 Stores Database Password as Plaintext

From: sozni () USA NET (sozni () USA NET)
Date: Mon, 8 Feb 1999 10:15:39 -0500

This other issue you have brought up is indeed a very serious security risk.  In fact I always open up Access databases 
in a hex editor just to see what I can find.  There was an old add-in from Microsoft that contained a confidential 
(although not interesting) internal memo.  I also once found a password for an online brokerage account in a production 
database.

The problem is that Access allocates the the space it needs for its tables but until used, that space will contain 
whatever used to be on those sectors on the hard drive.

My solution was to write a utility that will make a huge file filled with zeros the same size as the remaining space on 
the hard drive.  Then I deleted that file and compacted the database into a new filename.

Of course this was several years ago when remaining space on a hard drive was negligent.  I look at my remaining hard 
drive space now and making a 3GB file would not be practical.  Perhaps you could make a small partition or even a ram 
drive just for this purpose.

.sozni


Another issue: while looking ate mdb files in a text editor, i noticed

that the files contain 'garbage' info also (random memory
content, since it was info i typed minutes ago).
'compact database' didn't help.

A service provided by TechAID Computer Services, http://www.techaid.net
The e-mail address of the sender MAY NOT BE AUTHENTIC.
Previous By Date Next
Previous By Thread Next

Current thread: