Bugtraq mailing list archives
Re: Microsoft Access 97 Stores Database Password as Plaintext
From: Smith () IAN ORG (Ian Smith)
Date: Fri, 12 Feb 1999 09:17:14 -0500
On Fri, 12 Feb 1999, Billy Naylor wrote:
Why pay money for something so simple ? #!/usr/bin/perl # cleanse.pl # Sets empty disk space to zero
One problem is most Windows boxes don't have Perl. (I love Perl.. I have it on all MY Windows and Unix boxes, but thats just me) Another is that if you try that on a production NT server, once the disk gets full enough, it will cause any programs trying to write to disk to fail. It also does not erase the unallocated portions of the swap file. Also, don't run this program during your nightly backup! :-) Also if you are truly paranoid and want to wipe the disk out against any possibility of recovery, the Perl script is not enough as the drive can be taken apart and the data extracted unless you are VERY careful to run cryptographicly strong random numbers at the drive multiple times, making sure to also use patterns to toggle the bits the required number of times. If the security of a server is not worth $10, why even bother? :-) Now, on Unix if you are paranoid, you could modify the kernel source so that when a file is unlinked, it scrubs the sectors with random garbage before freeing the blocks. Not sure how massive a performance hit that would be though. -- IanSmith () ncinter net Visit Below! My HP48/Imagine/ImageMaster/FractalExtreme Page --> www.ian.org The best baseball simulation on the market! --> www.imonkey.com
Current thread:
- Pine _again_ :), (continued)
- Pine _again_ :) Chris Evans (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Stephen M. Milton (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- SECURITY: new wu-ftpd packages available (fwd) RHS Linux User (Feb 09)
- Re: SECURITY: new wu-ftpd packages available (fwd) Ronald Wahl (Feb 10)
- Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available Ken Williams (Feb 11)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Billy Naylor (Feb 12)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ian Smith (Feb 12)
- Applets listening on Sockets in Java Tim Wright (Feb 12)
- Applets listening on Sockets in Java Lincoln Stein (Feb 13)
- Re: Applets listening on Sockets in Java Tim Wright (Feb 15)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Michael Nelson (Feb 12)