Bugtraq mailing list archives
Re: Microsoft Access 97 Stores Database Password as Plaintext
From: sozni () USA NET (sozni () USA NET)
Date: Mon, 8 Feb 1999 10:15:39 -0500
This other issue you have brought up is indeed a very serious security risk. In fact I always open up Access databases in a hex editor just to see what I can find. There was an old add-in from Microsoft that contained a confidential (although not interesting) internal memo. I also once found a password for an online brokerage account in a production database. The problem is that Access allocates the the space it needs for its tables but until used, that space will contain whatever used to be on those sectors on the hard drive. My solution was to write a utility that will make a huge file filled with zeros the same size as the remaining space on the hard drive. Then I deleted that file and compacted the database into a new filename. Of course this was several years ago when remaining space on a hard drive was negligent. I look at my remaining hard drive space now and making a 3GB file would not be practical. Perhaps you could make a small partition or even a ram drive just for this purpose. .sozni
Another issue: while looking ate mdb files in a text editor, i noticed
that the files contain 'garbage' info also (random memory content, since it was info i typed minutes ago). 'compact database' didn't help. A service provided by TechAID Computer Services, http://www.techaid.net The e-mail address of the sender MAY NOT BE AUTHENTIC.
Current thread:
- Re: Microsoft Access 97 Stores Database Password as Plaintext Paul Leach (Feb 04)
- <Possible follow-ups>
- Re: Microsoft Access 97 Stores Database Password as Plaintext Donald Moore (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Allan Marillier (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Kehoe, Anthony (Feb 05)
- FW: Microsoft Access 97 Stores Database Password as Plaintext Eric Stevens (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Fernald, Brian (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Sozni (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ervin Fried (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext sozni () USA NET (Feb 08)
- Pine _again_ :) Chris Evans (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Stephen M. Milton (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- SECURITY: new wu-ftpd packages available (fwd) RHS Linux User (Feb 09)
- Re: SECURITY: new wu-ftpd packages available (fwd) Ronald Wahl (Feb 10)
- Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available Ken Williams (Feb 11)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Billy Naylor (Feb 12)