Bugtraq mailing list archives

Re: Microsoft Access 97 Stores Database Password as Plaintext


From: Smith () IAN ORG (Ian Smith)
Date: Fri, 12 Feb 1999 09:17:14 -0500


On Fri, 12 Feb 1999, Billy Naylor wrote:
 Why pay money for something so simple ?

#!/usr/bin/perl
# cleanse.pl
# Sets empty disk space to zero

One problem is most Windows boxes don't have Perl. (I love Perl.. I have
it on all MY Windows and Unix boxes, but that's just me)  Another is that
if you try that on a production NT server, once the disk gets full enough,
it will cause any programs trying to write to disk to fail.  It also does
not erase the unallocated portions of the swap file.  Also, don't run this
program during your nightly backup! :-)

Also if you are truly paranoid and want to wipe the disk out against any
possibility of recovery, the Perl script is not enough as the drive can be
taken apart and the data extracted unless you are VERY careful to run
cryptographically strong random numbers at the drive multiple times, making
sure to also use patterns to toggle the bits the required number of times.

If the security of a server is not worth $10, why even bother? :-)

Now, on Unix if you are paranoid, you could modify the kernel source so
that when a file is unlinked, it scrubs the sectors with random garbage
before freeing the blocks.  Not sure how massive a performance hit that
would be though.

--
IanSmith () ncinter net                                  Visit Below!
My HP48/Imagine/ImageMaster/FractalExtreme Page  -->  www.ian.org
The best baseball simulation on the market!      -->  www.imonkey.com
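
Added example, not part of the original message or of cleanse.pl: a free-space zero-fill that stops while a reserve is still free, so other programs on a production server can keep writing, and that always deletes its fill file. The function name, the `cleanse.tmp` file name and the `free_fn` test hook are assumptions made for this sketch; it does not touch the swap file and does nothing against physical recovery, the other two limits the message raises.

```python
import os
import shutil

CHUNK = 1024 * 1024  # write zeros 1 MiB at a time


def zero_free_space(directory, reserve_bytes, max_bytes=None, free_fn=None):
    """Overwrite free space under `directory` with zeros, then delete the fill file.

    Stops while at least `reserve_bytes` remain free so other writers do not
    hit a full disk. `max_bytes` caps the total written (useful for a dry run).
    `free_fn` is a hypothetical hook returning free bytes; the default asks
    the operating system via shutil.disk_usage.
    Returns the number of bytes overwritten.
    """
    free_fn = free_fn or (lambda: shutil.disk_usage(directory).free)
    path = os.path.join(directory, "cleanse.tmp")  # constructed file name
    zeros = bytes(CHUNK)
    written = 0
    try:
        with open(path, "wb") as fill:
            while True:
                room = free_fn() - reserve_bytes
                if max_bytes is not None:
                    room = min(room, max_bytes - written)
                if room <= 0:
                    break  # reserve reached (or cap hit): stop here
                n = min(CHUNK, room)
                try:
                    fill.write(zeros[:n])
                    fill.flush()
                    os.fsync(fill.fileno())  # push blocks to disk, not cache
                except OSError:
                    break  # someone else filled the disk first; clean up
                written += n
    finally:
        if os.path.exists(path):
            os.remove(path)  # always hand the space back
    return written


if __name__ == "__main__":
    # Dry run: overwrite at most 8 MiB in a temp dir, keeping 1 GiB free.
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(zero_free_space(d, reserve_bytes=1 << 30, max_bytes=8 << 20))
```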


