I have lodged a formal complaint with Microsoft about Jeff Conrad's site (not
about Jeff Conrad exactly).

Who knows if Microsoft will take any notice. I am posting this just so's
no-one thinks I am doing "dirtys". I might or might not post the full text of
my complaint to Microsoft, but it seems inappropriate at the moment (it was
not written as an "open letter").

Probably the first time any such complaint has been attempted. And some people
accuse me of not being serious.

My concern is security in the overall sense. I await with interest Microsoft
reply, if any. The silence in this so-named newsgroup about matters of
security is, well, "crushing".

Chris Mills
Access Developer

Unless you share what your issue is, I doubt you'll get many comments from
us.


--
Rick B



"Chris Mills" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have lodged a formal complaint with Microsoft about Jeff Conrad's site
(not
> about Jeff Conrad exactly).
>
> Who knows if Microsoft will take any notice. I am posting this just so's
> no-one thinks I am doing "dirtys". I might or might not post the full text
of
> my complaint to Microsoft, but it seems inappropriate at the moment (it
was
> not written as an "open letter").
>
> Probably the first time any such complaint has been attempted. And some
people
> accuse me of not being serious.
>
> My concern is security in the overall sense. I await with interest
Microsoft
> reply, if any. The silence in this so-named newsgroup about matters of
> security is, well, "crushing".
>
> Chris Mills
> Access Developer
>
>
>

"Chris Mills" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> My concern is security in the overall sense. I await with interest
> Microsoft
> reply, if any. The silence in this so-named newsgroup about matters of
> security is, well, "crushing".


I'm having a terrible time trying to get my head around those three
sentences. 'Security' in Access is a joke, and everyone knows it.

Jeez Chris, you've been around long enough to know that the database
password is useless, and that user level security can be broken (even
without the mdw). It seems to me that you could invest some effort in
complaining about that to Microsoft.

What exactly is your complaint about Jeff?

--
Joan Wild
Microsoft Access MVP

> to know that the database password is useless,
utter nonsense
(only true to a limited extent)

> and that user level security can be broken (even
> without the mdw).
yes, but referring to the above, utter nonsense

> It seems to me that you could invest some effort in
> complaining about that to Microsoft.
yes, that's exactly what I posted. In fact, the complaint is about none of the
above.

I think you should be careful. An MVP spouting advice about security whilst
claiming it is useless, is duplicitous. I make no such claim about Access
security.

I'm not surprised you're scratching your head, based on your statements. I
question if you know ANYTHING about security, in a broad sense, at all.
My otherwise regards to you.
Chris

This guy seems to be a real moron.


Is there any point to his post? Does he expect some form of discussion, or
is he just trying to make trouble?

Why has he not simply posted his complaint so we will know what he is
talking about?

He claims to have a problem with an MVP website, but does not tell us what
the problem is. His post seems to indicte that he has a poor understanding
of Access security. what does that have to do with Jeff's website?

The website seems pretty useful to me!


--
Rick B



"Chris Mills" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > to know that the database password is useless,
> utter nonsense
> (only true to a limited extent)
>
> > and that user level security can be broken (even
> > without the mdw).
> yes, but referring to the above, utter nonsense
>
> > It seems to me that you could invest some effort in
> > complaining about that to Microsoft.
> yes, that's exactly what I posted. In fact, the complaint is about none of
the
> above.
>
> I think you should be careful. An MVP spouting advice about security
whilst
> claiming it is useless, is duplicitous. I make no such claim about Access
> security.
>
> I'm not surprised you're scratching your head, based on your statements. I
> question if you know ANYTHING about security, in a broad sense, at all.
> My otherwise regards to you.
> Chris
>
>

> He claims to have a problem with an MVP website, but does not tell us what
> the problem is. His post seems to indicte that he has a poor
> understanding
> of Access security. what does that have to do with Jeff's website?

Rick,
Chris is upset that Jeff's site has links to companies that offer services
that will crack Access security. He thinks that is an illegal service to
offer. Of course, it is only illegal if they crack the security for an
unauthorized user and/or company. If they crack it for the owner of the
database, then it is perfectly legal. Don't let him bother you. He's just
blowing smoke.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Access Junkie List:
http://home.bendbroadband.com/conrad...essjunkie.html

While cracking security may be legal in certain cases, the fact that it can
be done at all and done so easily, that it is a well known problem, and has
never been fixed in all these years speaks volumes in respect to Microsoft's
priorities. I'm sure a lot of people would like to see Microsoft get off
their ass and fix the problem.

I don't question Chris' motives in bringing the issue up. Nevertheless, the
derogatory comments in respect to others in the NG appear misdirected and
aren't in any way helpful toward getting the issue resolved. If anyone
should be flamed abot this, it would be Microsoft.

--
Paul Overway
Logico Solutions
http://www.logico-solutions.com


"Lynn Trapp" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>> He claims to have a problem with an MVP website, but does not tell us
>> what
>> the problem is. His post seems to indicte that he has a poor
>> understanding
>> of Access security. what does that have to do with Jeff's website?
>
> Rick,
> Chris is upset that Jeff's site has links to companies that offer services
> that will crack Access security. He thinks that is an illegal service to
> offer. Of course, it is only illegal if they crack the security for an
> unauthorized user and/or company. If they crack it for the owner of the
> database, then it is perfectly legal. Don't let him bother you. He's just
> blowing smoke.
>
> --
> Lynn Trapp
> MS Access MVP
> www.ltcomputerdesigns.com
> Access Security: www.ltcomputerdesigns.com/Security.htm
> Jeff Conrad's Access Junkie List:
> http://home.bendbroadband.com/conrad...essjunkie.html
>

> While cracking security may be legal in certain cases, the fact that it
> can be done at all and done so easily, that it is a well known problem,
> and has never been fixed in all these years speaks volumes in respect to
> Microsoft's priorities. I'm sure a lot of people would like to see
> Microsoft get off their ass and fix the problem.

I agree, but I wonder if Microsoft, or any company for that matter, would be
willing to put the necessary resources to making Access as secure as a
server side database. The cost of doing that would have to be weighed
against the amount of income generated by the sale of Access. I really doubt
that it is cost effective, so the bean counters at Microsoft may be who is
keeping everybody on "their ass." <g>

>
> I don't question Chris' motives in bringing the issue up. Nevertheless,
> the derogatory comments in respect to others in the NG appear misdirected
> and aren't in any way helpful toward getting the issue resolved. If
> anyone should be flamed abot this, it would be Microsoft.

Perhaps Chris has good motives -- I won't get into that. However, Jeff
Conrad is totally innocent. He provides a service of information and nothing
else. He makes no claims regarding the quality of the links he posts there.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Access Junkie List:
http://home.bendbroadband.com/conrad...essjunkie.html

"Lynn Trapp" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>> While cracking security may be legal in certain cases, the fact that it
>> can be done at all and done so easily, that it is a well known problem,
>> and has never been fixed in all these years speaks volumes in respect to
>> Microsoft's priorities. I'm sure a lot of people would like to see
>> Microsoft get off their ass and fix the problem.
>
> I agree, but I wonder if Microsoft, or any company for that matter, would
> be willing to put the necessary resources to making Access as secure as a
> server side database. The cost of doing that would have to be weighed
> against the amount of income generated by the sale of Access. I really
> doubt that it is cost effective, so the bean counters at Microsoft may be
> who is keeping everybody on "their ass." <g>
>

I have no expectation that Access be just as secure as a server based
product. However, Microsoft SHOULD fix the faulty algorithm used to secure
the user names and passwords in the workgroup file, which can currently be
hacked in a matter of seconds. If bean counters are preventing this issue
from being fixed, Microsoft's Trustworthy Computing initiative has less
value than a pile of manure. Greed may dictate otherwise, but Microsoft can
well afford to fix the problem.

Paul Overway wrote:

> While cracking security may be legal in certain cases, the fact that it can
> be done at all and done so easily, that it is a well known problem, and has
> never been fixed in all these years speaks volumes in respect to Microsoft's
> priorities. I'm sure a lot of people would like to see Microsoft get off
> their ass and fix the problem.

galloop galoop ... I hear my hobby horse in the background!

I have given them a /two line fix/ that would completely remove the
ability of cracking products to reverse-engineer the plaintext
passwords from a workgroup file. Clearly that is not the only weakness
in user level security; but it is certainly the most egregious one.

Whether they will actually /do/ it, is anyones' guess.

TC