
How to maximize the security in Access 2003 on a webserver?

jaffa

I plan to use Access 2003 on my webserver.

How can I maximize the security against hackers, particularly when it comes to the table I call "users_and_passwords"?

Is there, for example, any way I can encrypt the info in this table?
 
Yup. Use a hash like MD5 or SHA1 and store the hash of the password, instead of the password itself.

Note that you won't be able to recover passwords for people who forget them, instead you will have to generate new passwords for them and send out a new one each time.

However, in reality, protecting the database only protects against loss of all passwords to a hacker - if you aren't using SSL to exchange passwords then anyone can help themselves at any point on the net between your server and your users.
 
Thank you for both your answers.

I am not that used to Access so could one of you please explain what you mean by using a hash (like MD5 or SHA1)? How is that done in practice?

Thanks in advance...
 
A hash is calculated by your program. If you are using .NET then here's some sample code based on some I used for a project.



When you take the user's password, run it through the hashing function, and use the hashed version in the same way that you would have used the original.

Remember to change the forgotten password handling.
 
Thanks for your reply Mark.

Unfortunately I don't use .net (sorry I didn't tell that before). I have done my server programming in asp and considering what I know about asp I can't see how to use the code that you provided here. Can I achieve the same encryption effect with asp? If so, how?

I am a real beginner when it comes to .net programming.

Hope you can take a minute (or maybe two) and help me out.

Thanks!
 
Read through all of the articles listed here. There is some good information.

Some more things you'll want to consider.

1. Make sure you keep your Windows server fully up-to-date with the latest security patches, and run Microsoft's IIS Lockdown Tool to prevent the more common IIS attacks.
2. Read up on SQL injection and carefully scrutinize your code to protect yourself from it.
 
If you are doing hashing, store both the username and password together as the hashed password, as it'll be more secure. I say this because if you store just the password hashed, you can query the database to retrieve a username using a hashed common password, thus bringing up a matching login+password for someone to abuse. 🙂
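
The effect described in the post above, as an added example that is not part of the thread: with password-only hashes, every account sharing a password stores the same value, while mixing in the username makes each stored value unique. Python is used here only as a neutral illustration (the thread's site runs ASP); the account names and passwords are constructed, and the random-salt PBKDF2 record is an assumed extension beyond what the thread proposes.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users deliberately share a common password.
USERS = [("alice", "letmein"), ("bob", "letmein"), ("carol", "Tr1cky-horse")]

def hash_password_only(password):
    """Password-only hash: equal passwords give equal stored values."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_with_username(username, password):
    """Username mixed in, as the post suggests. The NUL separator keeps
    ('ab', 'c') and ('a', 'bc') from hashing the same input."""
    data = username.lower().encode("utf-8") + b"\x00" + password.encode("utf-8")
    return hashlib.sha1(data).hexdigest()

def users_matching(table, stored_value):
    """Rows whose stored hash equals a value (what a WHERE clause would return)."""
    return sorted(u for u, h in table.items() if h == stored_value)

def new_record(password, iterations=200_000):
    """Assumed extension: random per-user salt with PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

plain_table = {u: hash_password_only(p) for u, p in USERS}
bound_table = {u: hash_with_username(u, p) for u, p in USERS}

if __name__ == "__main__":
    common = hash_password_only("letmein")
    print("password-only, rows sharing one hash:", users_matching(plain_table, common))
    print("username-bound, rows sharing that hash:", users_matching(bound_table, common))
    rec = new_record("letmein")
    print("PBKDF2 verify good/bad:", verify("letmein", rec), verify("letmein1", rec))
```
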
 