[9410] in bugtraq
Re: Microsoft Access 97 Stores Database Password as Plaintext
daemon@ATHENA.MIT.EDU (sozni@USA.NET)
Mon Feb 8 13:03:35 1999
Date: Mon, 8 Feb 1999 10:15:39 -0500
Reply-To: sozni@USA.NET
From: sozni@USA.NET
To: BUGTRAQ@NETSPACE.ORG
This other issue you have brought up is indeed a very serious security risk. In fact I always open up Access databases in a hex editor just to see what I can find. There was an old add-in from Microsoft that contained a confidential (although not interesting) internal memo. I also once found a password for an online brokerage account in a production database.
The problem is that Access allocates the the space it needs for its tables but until used, that space will contain whatever used to be on those sectors on the hard drive.
My solution was to write a utility that will make a huge file filled with zeros the same size as the remaining space on the hard drive. Then I deleted that file and compacted the database into a new filename.
Of course this was several years ago when remaining space on a hard drive was negligent. I look at my remaining hard drive space now and making a 3GB file would not be practical. Perhaps you could make a small partition or even a ram drive just for this purpose.
.sozni
>Another issue: while looking ate mdb files in a text editor, i noticed
that the files contain 'garbage' info also (random memory
content, since it was info i typed minutes ago).
'compact database' didn't help.
A service provided by TechAID Computer Services, http://www.techaid.net
The e-mail address of the sender MAY NOT BE AUTHENTIC.
