Bugtraq mailing list archives
Re: Microsoft Access 97 Stores Database Password as Plaintext
From: njl98r () ECS SOTON AC UK (Nick Lamb)
Date: Mon, 8 Feb 1999 23:13:34 +0000
On Mon, 8 Feb 1999 sozni () USA NET wrote: [Added line breaks]
This other issue you have brought up is indeed a very serious security risk In fact I always open up Access databases in a hex editor just to see what
The problem is that Access allocates the the space it needs for its tables but until used, that space will contain whatever used to be on those sectors on the hard drive.
This shouldn't be a problem in a well-behaved system. There's no reason for the OS to hand people the contents of old (deleted?) files when they try to read data which they've never written. Presumably this wouldn't happen on NT Workstation/Server running Access? I suspect that Access would really like to create a file with holes (to save allocating unnecessary disk) but of course, this only works for NTFS and thus can't be required without losing a lot of potential users. Nick.
Current thread:
- Re: Microsoft Access 97 Stores Database Password as Plaintext, (continued)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Sozni (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ervin Fried (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext sozni () USA NET (Feb 08)
- Pine _again_ :) Chris Evans (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Stephen M. Milton (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- SECURITY: new wu-ftpd packages available (fwd) RHS Linux User (Feb 09)
- Re: SECURITY: new wu-ftpd packages available (fwd) Ronald Wahl (Feb 10)
- Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available Ken Williams (Feb 11)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Billy Naylor (Feb 12)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ian Smith (Feb 12)
- Applets listening on Sockets in Java Tim Wright (Feb 12)
- Applets listening on Sockets in Java Lincoln Stein (Feb 13)
- Re: Applets listening on Sockets in Java Tim Wright (Feb 15)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Michael Nelson (Feb 12)