question about Securing Access Database
Posted on 2011-04-20
We have a commercial application which is going to be distributed to customers.
it's split front end/back end using SQL server as the back end. We have encrypted server traffic and hashed passwords etc so that a user cannot connect to the dbms using external tools and their password and inspect data. Some of the database contents are quite confidential.
When our app is not running the table links are destroyed (last thing it does before it shuts down).
However, I am disturbed by the fact that it is possible to create an access database and link to a system/hidden table in the running application accde file and discover the encrypted passwords in the connection strings of msysobjects.
We need persistent connections. We have a database design with >300 tables and it's highly integrated so we use tables all over the place. With north of 100,000 lines of code I don't think we can re-architect to connect and disconnect dynamically and in any event that would comprise a significant performance overhead.
Any advice from anyone for ways to lock this down? I've been searching but no luck so far.
Thanks , rj8820