[AccessD] Hiding Back End Design

Hale, Jim Jim.Hale at FleetPride.com
Wed Jun 23 09:26:00 CDT 2004


You guys won't believe this.  Diebold was/is using Access as the DB for its
voting app. Talk about back end security issues!! Bring back the good ol'
days of hanging chads <g>! The lead-in paragraphs are from Peter's Software
newsletter. Incredible!
Jim Hale


3. How NOT To Design an Application
-------------------------------------
Well, Microsoft Access made history recently by being at the center 
of an automated voting machine controversy. It seems that Diebold 
Election Systems put together an application for the very, Very, 
VERY important purpose of counting votes in US elections. 37 states 
made use of this application. The only problem? Well, there were 
many! It seems that Diebold left their source code and other 
critical information on an unprotected public web site. They used 
bad vote accounting practices. They did not secure their MS Access 
databases, and they chose to use MS Access for this critical 
application in the first place!

Sometimes knowing when NOT to use MS Access is just as important as 
knowing HOW to use MS Access.

An investigative reporter in the article below was able to edit the 
Diebold MS Access tables directly, change vote totals, and erase the 
audit trail from the poorly designed tables. Whooops! That could be 
called a FLAW!

A database like Oracle would have been much better for this task 
because you can have triggers (event procedures) for TABLE events. 
With Oracle you can have a procedure execute when a table record is 
updated, or a table field is updated. You can only do that with 
forms in MS Access, not tables. That means that a well-designed 
Oracle database would not be as susceptible to direct table editing 
without an audit trail the way this MS Access database was. 

Here's the story - a very good lesson on how NOT to design a 
critical application:

Link: http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
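
The table-level trigger idea from the newsletter excerpt, as an added example that is not part of the original post or the newsletter. It uses SQLite through Python's sqlite3 module in place of Oracle so that it runs stand-alone, and the table names, columns and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: a totals table plus an audit table kept by triggers.
SCHEMA = """
CREATE TABLE vote_totals (candidate TEXT PRIMARY KEY, votes INTEGER NOT NULL);
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    action TEXT NOT NULL, candidate TEXT, old_votes INTEGER, new_votes INTEGER);

-- Table-level triggers fire on every write, whichever client issued it.
CREATE TRIGGER totals_ins AFTER INSERT ON vote_totals BEGIN
    INSERT INTO audit_log(action, candidate, old_votes, new_votes)
    VALUES ('INSERT', NEW.candidate, NULL, NEW.votes);
END;
CREATE TRIGGER totals_upd AFTER UPDATE ON vote_totals BEGIN
    INSERT INTO audit_log(action, candidate, old_votes, new_votes)
    VALUES ('UPDATE', OLD.candidate, OLD.votes, NEW.votes);
END;
CREATE TRIGGER totals_del AFTER DELETE ON vote_totals BEGIN
    INSERT INTO audit_log(action, candidate, old_votes, new_votes)
    VALUES ('DELETE', OLD.candidate, OLD.votes, NULL);
END;

-- Make the audit table append-only for ordinary SQL statements.
CREATE TRIGGER audit_no_upd BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_no_del BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""

def demo():
    """Edit the table directly, then try to erase the audit trail."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO vote_totals VALUES ('Candidate A', 100)")
    # Direct table edit with no front-end form involved.
    db.execute("UPDATE vote_totals SET votes = 900 WHERE candidate = 'Candidate A'")
    try:
        db.execute("DELETE FROM audit_log")
        erased = True
    except sqlite3.DatabaseError:  # raised by the RAISE(ABORT) trigger
        erased = False
    rows = db.execute(
        "SELECT action, old_votes, new_votes FROM audit_log ORDER BY id").fetchall()
    return rows, erased
```

Triggers only cover writes that go through the SQL engine; an account that can alter the schema or replace the database file can still remove them, so permissions on the database remain part of the design.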




