[AccessD] Unlock/Unprotect VBA Project

Stuart McLachlan stuart at lexacorp.com.pg
Mon May 7 00:45:37 CDT 2018


ISTM that if the actual connection strings, passwords etc are "stored"  anywhere in the 
application, be it a form's text or tag property or anywhere else, then opening the file in a hex 
viewer is likely to reveal them.


On 7 May 2018 at 3:37, Bill Benson wrote:

> Stuart,
> 
> Can you demonstrat that storing them in the manner I proposed,
> together with an "unviewable +" locked project exposes this
> information, in any possible way -other than perhaps reading internal
> memory, which would be WAY WAY WAY over my head to figure out how to
> do? Without a public function in the target workbook which exposes
> them, do you have any method of getting at that info?
> 
> On Sun, May 6, 2018, 11:06 PM Stuart McLachlan
> <stuart at lexacorp.com.pg> wrote:
> 
> > If you are that concerned about application security, you shouldn't
> > be storing passwords at all.  Store a cryptographic hash and then
> > compare the hash of the entered password to the stored hash.  Same
> > with usernames.
> >
> > On 6 May 2018 at 21:33, Bill Benson wrote:
> >
> > > I did find a means of hiding all connection strings, passwords,
> > > etc in a userform control's text or tag properties. It is
> > > virtually impossible to force that userform into a loaded state to
> > > read those crucial strings, from an external workbook, unless I
> > > the author of the protected workbook was foolish enough to have a
> > > public sub that loaded them, therefore it was virtually impossible
> > > to get access to that protected information.
> >
> > --
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 




More information about the AccessD mailing list