Database password stored in file?

[Greg Tyler]

I created a database (MDB), using a master password to secure it from the
naughty folk what want my data. It all works fine, but when I open the MDB in
Notepad and search for "pwd=", it finds a string stating "pwd=gunter" (gunter
being the database password). In fact, it finds this string four times.

This means that anyone opening the database can simply look at the source
beforehand, get the password and then have full access to all my terribly
secure and utterly confidential information.

My question is whether I'm doing something wrong? Did I set up the password
wrong? Am I being misled? I'm aware that accdb has greater security, but as
the majority of users are still on Office 2003, I honestly can't help but use
MDB files.

I also want to ask why there's so little mention of this elsewhere on the
tubes? Surely this is a major security flaw, and yet I can find minimal
discussion of it...

 

[Arvin Meyer [MVP]]

Actually, You may find that while the password may be improved in Access
2007, the security model isn't as strong. There is much more to security
than simply securing the database. The data itself (back-end of a split
database) needs to reside on a secure server, and by secure, I also mean
physically secure (locked room) as well as secure from attack from the
outside. The data needs to be in a folder that no one else can open, except
those to whom you've granted access.

If you are running it from a local machine, you should encrypt the file, so
when it's not in active use, even Notepad will see nothing but gibberish. I
use a free (and excellent) program named TrueCrypt for this:

http://www.truecrypt.org