Dear Chris:
While I agree that the ability to reverse engineer an MDE is a serious
issue, I think that your reaction is excessive, and your attack on, and
threatened harrassment of, Jeff is just plain wrong.
Ignorance may play a role in security, but you seem to suggest that if
security issues aren't discussed then they might "go away". I would suggest
that the opposite is true: if security issues aren't generally discussed,
then developers would live with a false sense of security, since those bent
on circumventing security will be certain to have discovered these security
issues. Believing that "if we just don't discuss these things then we'll be
more secure" is whistling in the dark.
Developers more than anyone should be aware of all issues relating to
security. Otherwise they will be doing their clients a disservice.
Would you suggest that Access's database password is secure? I'm sure you
wouldn't. Would you tell your client that they should not rely on that
password for security? I should hope you would. Knowing about this security
flaw leads to a more secure Access application. And don't forget that there
are less than scrupulous programmers who might charge a fee to the
unsuspecting to "break" their password. I believe Michael Kaplan posted a
password breaking program to forestall just this kind of thing.
Besides, Access, as far as I have seen, has never been promoted as a
"secure" application; generally, it is suggested in newsgroups and
elsewhere, that if you need security, then that is a valid reason to move to
SQL Server, Oracle, etc..
Jeff isn't *promoting* reverse engineering of MDEs. He is providing a link
to those conscientious developers who understand that they need to be
knowledgeable about Access security and its limitations. Knowledge is power!
You asked for opinions; that's mine. I hope you will take the time to
consider your position, Chris. I suspect that the issue is not as clear cut
as you seem to believe. I hope that you will also drop your wrong-headed
threats to harrass Jeff.
Regards,
Fred Boer