Re: Microsoft Access security

[SMiller () unimin com]

Sanjay,

If you appent a new row to the table and type data into those columns, does
it remain as entered?  AFAIK, MS Access has no tool that would selectively
allow columns to be encrypted.  However, I can easily think of several MOL
trivial ways to accomplish this.  The table could be processed by a query
that calls an encryption routine written in, say, VB.  Or, cruder but
equally effective, the column content could be exported to a text file,
processed by any number of encryption products (e.g., PGP), then read back
into the table, overwriting the original content.  How badly do you need to
know what is in those columns?  Has there been a risk assessed for not
doing so?

Scott
"If sports is the opiate of the masses, reality TV is the crack cocaine."


                                                                                                                        
   
                      <security@rexwire                                                                                 
   
                      .com>                    To:       <security-basics () securityfocus com>                         
      
                      Sent by: "Sanjay         cc:                                                                      
   
                      K. Patel"                Fax to:                                                                  
   
                      <sanjay.patel@rex        Subject:  Microsoft Access security                                      
   
                      wire.com>                                                                                         
   
                                                                                                                        
   
                                                                                                                        
   
                      04/26/2004 03:58                                                                                  
   
                      PM                                                                                                
   
                                                                                                                        
   
                                                                                                                        
   




Recently a consultant at one of our clients got let go under not so good
circumstances. We were called into see if he had left any backdoor behind.

We did not find any backdoors but we found out that he encrypted two
columns
of data in a access database. The data in the columns look like this
:)Orwjwlrju)Yuƒ)\}n);<99

We cant figure out how he encrypted it. Has anyone seen this before?

SKP



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less

to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------