Using MsAccess in Combination with PHP and MySQL: security

O

orny

New member
Local time
Today, 02:42
Joined
Oct 18, 2023
Messages
10
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
 
I don't see anything in your question I feel I could help you with, mainly because I just don't understand what you're doing. Seeing as you have yet to receive a reply, I reckon other people may have come to the same conclusion as myself...

I would suggest that you add some more information, a better description, some examples, anything really to grab people's attention and interest in your problem. That way you might get a useful response.
 
orny said:
Hello all!
I have just done my first tests using Access (a non-encypted ACCDE front-end) in combination with PHP calls over SSL to a SSL encrypted MySQL backend. Anyone interested in trying to crack it open and tell me how they did it?

I've already tried to copy a new autoexec macro into th ACCDE, pointing to a new form, allowing me to alter settings. But I could only inject the rogue autoexec macro, not the frmRogueForm I had planned. The app launches with a modal popup login form, and closing that without clearing password (hashed+salted with brypted) quits the application.

As for using the ACCDE: As far as I could tell, Wireshark seems to show that there is just a lot of garbled crud over the internet connection, also I did not find the PHP URLS's.

I really want to know if this is safe enough.

Look forward to hearing from you!

best regards,
Pep
Click to expand...
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question. I figure that may contribute to a lack of responses.
 
tvanstiphout said:
The security of a server-side solution such as SQL Server or MySQL (unlike Access BE) depends 100% on the server, and is thus not an Access question.
Click to expand...
I disagree. The authentication of the client (be it application or user) is also a client side issue.
 
You must log in or register to reply here.

Similar threads

O
Hello all, newby from Amsterdam here with an ACCDE security quest
2
Replies
25
Views
1,601
MsAccessNL
MsAccessNL
Isaac
Some good advice and thoughts about programming in general
Replies
7
Views
1,457
Pat Hartman
P
josephbupe
Fetching All Data From mySQL And Display It In A Data-grid
Replies
4
Views
7,132
josephbupe
josephbupe
C
Use text in Combobox for Mysql
Replies
1
Views
843
plog
P
wiklendt
possible to combine Ken Higg's FE version control WITH DCrake's shell extension code?
2 3
Replies
41
Views
6,534
wiklendt
wiklendt

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom