用户/组安全 - 它有多糟糕？ [英] User/Group Security -- Just How Bad Is It?

问题描述

过去我一直认为用户/组安全性非常紧张。它实现了b $ b很难实现，但是一旦正确实施，除非通过专门的努力，否则它不会被破解。


最近，我看到一些东西大大降低了我对

用户/组安全性的看法。我向一位同事发送了一个安全的数据库。我忘了向他发送工作组文件，但是这并没有让他失望。

第二天，他把我要求的工作发给了我，另外，

提到他构建了自己的工作组文件版本 - 然后

他列出了应用程序中使用的每个用户/ PID组合。换句话说，

他完全破解了安全性。我告诉他他是怎么做到的，并且他说他使用了从互联网上下载的工具。我们碰巧是使用Access 2000的

，但他说它与Access 2003一样好用。


根据这种经验，Access安全性现在看起来非常弱到我/ b $ b我。然而，在我得出这个结论之前，我想发布

新组进行现实检查。

保护申请时，我是否犯了一些业余错误？ （即Duh！如果你没有在fizziwig表格上查看woo-woo

框，当然每个人都可以看到你的用户/ PID

数据！ 或者用户/组安全真的很弱，而我只是知道的最后一个？
？ （即你不知道用户/团体的安全是没有价值的吗？

你一直住在山洞里吗？）


要放我以一个特定问题的形式表达了我的担忧：访问

安全性真的如此之弱以至于正确安全的Access应用程序可以使用下载的软件在不到一分钟的时间内完全破解

来自互联网？


很高兴知道。

-TC

In the past I always regarded user/group security as fairly tight. It
is tricky to implement, but once implemented properly, it can''t be
cracked except through a dedicated effort.

Recently, however, I saw something which greatly lowered my opinion of
user/group security. I sent a secured database to a colleague. I forgot
to send him the workgroup file, but that didn''t slow him down at all.
The next day, he sent me the work I had requested and, as an aside,
mentioned that he built his own version of the workgroup file -- then
he listed every user/PID combination used in the app. In other words,
he had completely cracked the security. I asked him how he did it, and
he said he used a tool downloaded from the internet. We happened to be
using Access 2000, but he says it works just as well with Access 2003.

Based on that experience, Access security now looks extremely weak to
me. Before I reach that conclusion, however, I want to post on the
newgroup for a reality check. Did I make some amateur mistake when
securing the application? (i.e. "Duh! If you don''t check the woo-woo
box on the fizziwig form, of course everybody can see your user/PID
data!") Or is user/group security truly weak, and I''m just the last to
know? (i.e. "You didn''t know user/group security was worthless? Have
you been living in a cave?")

To put my concerns in the form of a specific question: Is Access
security really so weak that a properly secured Access application can
be completely cracked in less than a minute using software downloaded
from the internet?

It would be good to know.
-TC

推荐答案

显而易见的第一个问题是在发送应用程序之前，您是否删除了管理员

用户的所有权限？如果你不这样做，那么你的数据库是不安全的，期限。

The obvious first question is "Did you remove ALL permission from the Admin
user before sending the app out?" If you don''t do this, your database is
not secure, period.

TC，你问题的答案基本上是，是的。


我知道Access 2007不会因新的accdb

格式而烦恼。


-

Allen Browne - 微软MVP。西澳大利亚州珀斯。

访问用户提示 - http：// allenbrowne.com/tips.html

回复群组，而不是mvps dot org的allenbrowne。


" TC" <去********* @ yahoo.com>在消息中写道

news：11 ********************** @ g10g2000cwb.googlegr oups.com ...

TC, the answer to your question is basically, Yes.

I understand that Access 2007 won''t bother with security in the new accdb
format.

--
Allen Browne - Microsoft MVP. Perth, Western Australia.
Tips for Access users - http://allenbrowne.com/tips.html
Reply to group, rather than allenbrowne at mvps dot org.

"TC" <go*********@yahoo.com> wrote in message
news:11**********************@g10g2000cwb.googlegr oups.com...

过去我一直认为用户/组安全性相当紧张。它实施起来很棘手，但是一旦正确实施，除非经过专门的努力，否则它不会被破解。

最近，我看到了一些大大降低的东西我对
用户/组安全的看法。我向一位同事发送了一个安全的数据库。我忘了把工作组文件发给他了，但这根本不会让他失望。
第二天，他把我要求的工作发给了我，而且，顺便说一句，
提到他构建了自己的工作组文件版本 - 然后
他列出了应用程序中使用的每个用户/ PID组合。换句话说，他完全破解了安全性。我问他是怎么做到的，并且他说他使用了从互联网上下载的工具。我们碰巧使用Access 2000，但他说它与Access 2003一样好用。

根据这种经验，访问安全性现在看起来非常弱。然而，在我得出这个结论之前，我想发布
newgroup进行现实检查。在确保申请安全时，我是否犯了一些业余错误？ （即Duh！如果你没有查看fizziwig表格上的woo-woo
框，当然每个人都可以看到你的用户/ PID数据！）或者是用户/组安全真的很弱，我只是知道的最后一个？ （即你不知道用户/团体的安全是没有价值的吗？你有没有生活在一个山洞里？）

以特定的形式表达我的疑虑问题：Access
安全性是否真的如此之弱，以至于使用从互联网上下载的软件可以在不到一分钟的时间内完全破解正确安全的Access应用程序？

很高兴知道。

-TC

In the past I always regarded user/group security as fairly tight. It
is tricky to implement, but once implemented properly, it can''t be
cracked except through a dedicated effort.

Recently, however, I saw something which greatly lowered my opinion of
user/group security. I sent a secured database to a colleague. I forgot
to send him the workgroup file, but that didn''t slow him down at all.
The next day, he sent me the work I had requested and, as an aside,
mentioned that he built his own version of the workgroup file -- then
he listed every user/PID combination used in the app. In other words,
he had completely cracked the security. I asked him how he did it, and
he said he used a tool downloaded from the internet. We happened to be
using Access 2000, but he says it works just as well with Access 2003.

Based on that experience, Access security now looks extremely weak to
me. Before I reach that conclusion, however, I want to post on the
newgroup for a reality check. Did I make some amateur mistake when
securing the application? (i.e. "Duh! If you don''t check the woo-woo
box on the fizziwig form, of course everybody can see your user/PID
data!") Or is user/group security truly weak, and I''m just the last to
know? (i.e. "You didn''t know user/group security was worthless? Have
you been living in a cave?")

To put my concerns in the form of a specific question: Is Access
security really so weak that a properly secured Access application can
be completely cracked in less than a minute using software downloaded
from the internet?

It would be good to know.
-TC

顺便说一下，我当然很想知道这个名字您使用的软件

来破解访问安全性。


如果你在谈论数据库密码，那从来没有被认为是非常好的

强大，永远。在我看来，这是为了让临时用户不小心制造恶作剧

。


如果你说的是真正的Access用户/组安全，我'我非常感兴趣的是

该软件的名称。

By the way, I"m certainly curious to know the name of the software you used
to crack access security.

If you''re talking about a database password, that was never considered very
strong, ever. It was for keeping casual users from making mischief
accidentally, in my opinion.

If you''re talking genuine Access user/group security, I''m very interested in
the name of that software.

这篇关于用户/组安全 - 它有多糟糕？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！