The security of databases: the Access case

Nowadays, more and more companies have to use databases in which they store their essential or confidential data for the society like client lists, product specifications, stock situations, etc.. Such pieces of data are the heart of a company and have to be protected. In fact, in the context of economic intelligence, getting such information is quite interesting for competitors who want to know how rival companies work for example. Databases need software to be managed. There is a variety of software, called database management system, which is able to manage database like MySQL, Oracle Database, Microsoft Access, etc... This paper will focus on Microsoft Access 2010 64 bits which is part of the Microsoft Office 2010 suite. Microsoft Access is currently used by small and medium enterprises (SMEs) who have subcontracted the creation of their database to specialized companies. SMEs represent a huge part of the economic area and could be an interesting target because of the large range of activities it gather. This technical paper analyses the Access Security and explains how an attacker could hijack an Access database in order to steal information or to perform malicious actions on the targeted computer. It deals with macro-viruses, still present after many years, and give then the possibility to use them to insert major security weaknesses into Access databases.