Fog Creek Software
Discussion Board




Passwords

Does Microsoft provide a secure way to password-protect files and folders in Windows 98?

Chi Lambda
Wednesday, January 29, 2003

Security? Windows 98!?

Buhahahahaahahahaha!


In all seriousness, I don't think there is a way. I know that Word allows you to secure you documents, but I don't think the OS really offers much in 98.

Go Linux Go!
Wednesday, January 29, 2003

Nope. Isn't. Windows 98 and SE weren't designed for it.

Your best bet is some sort of 3d party app that gives you whatever specific type of security you might be looking for, or if you just want to protect some files that you have to keep on a w98 box, you might try winzipping them, with a password on the zip file, or getting some other tool that simply encrypts the files. If you want to protect some MS Office files, then some of the office apps themselves offer some password protection capabilities on their proprietary files, but that's likely not encrypted or secure-not sure. I'll bet if you opened a *.doc or *.xls file in a binary editor, you'd be able to see lots of the text in the content of those files.

W98 doesn't have anything natively that controls permissions at all, nor even user-to-user privacy across accounts. One user on a multi-user W98 machine can easily read another user's files.

Don't know your situation, but if you're really stuck **having** to use a W98 box, first, let me offer you my condolences ;-)

Next, would it work for you to just keep the files on removable media that you can take out of the machine and physically secure somehow?

anonQAguy
Wednesday, January 29, 2003

FAT 32 does not allow you to password protect files or folders on a local machine. It does allow password protection of shared folders over a network.

The easiest way is to use some kind of external privacy; winzipping and password protecting, or using PGP both spring to mind.

If you are worried about other users (young children for example) then the policy editor will allow you to make a W98 box secure against anything but a screwdriver attack, but you would find it easier to use a program such as Security Wizard to do the settings for you.

Incidentally in one respect W98 offers better security than NT, in that with user level security you have no protection on shared files against the domain administrator, but with password protected security - not allowed in NT - you can stop him snooping in your shared folders.

Stephen Jones
Wednesday, January 29, 2003

I just tried entering some information into an MS Access database file and then assigning a password to it.

I found that I can open the .mdb file in EditPlus (my text editor of choice)  without being prompted for a password and, surprise-surprise, see the information that's supposed to be securely tucked-away.

Chi Lambda
Wednesday, January 29, 2003

If you don't want the database to be read by anyone then you should encrypt it.

Just go to Tools|Security|Encrypt database.

Access seciurity is quite complicated. I've known plenty of people set up rigorous user level security but forget to change the default owner from admin, so that when the database travels to another computer anybody can open it.

Stephen Jones
Wednesday, January 29, 2003

Don't forget ms-access security, and encrypting a file are mutuality exclusive issues. I use ms-access security all the time, but I don't encrypt the files, since then they don't zip (compress) at all.

Of course, I am really just using security to restrict features in the software package using security, and not trying to hide the data from a disk or file viewer program.

So, just we are clear, you can encrypt, or not encrypted a ms-access database. Further, you can add, or remove a password to the  ms-access database.

However, the database passwrod, and the encrypting features are NOT related to the workgroup security feature of ms-access in any way shape, or form.

Hence, they are in fact 3 complete separate features of ms-access, and have nothing to do with each other!

Albert D. Kallal
Wednesday, January 29, 2003

OK, encryption seems to do the trick. Thanks for the information everybody.

BTW, I noticed that the Palm OS is not any more sophisticated with encryption than Windows 98:

http://www.poochkiss.com/blog.asp?Link=142

Chi Lambda
Wednesday, January 29, 2003

Albert,
          I was aware they were different features. I was just warning Chi Lambad that if he wanted to use user level security for the Access database, then to be careful. It's certainly counter-intuitive.

          Can you set a password for everybody as well as the user-level password? I can't see why you should want to, unless it waa to impress a paranoid client.

            My feeeling in general is that it is better to restrict access to the file through sharing and NTFS restricitions, and  then be farily lax about the Access security model.

            Just my 2 cents worth.

Stephen Jones
Thursday, January 30, 2003

>>      Can you set a password for everybody as well as the user-level password? I can't see why you should want to, unless it waa to impress a paranoid client.


No, you can't. It is just a simple password, and would thus be the same for everyone.  (so, you do/did have this right!).

The original question was in regards to general files. But, for database stuff, if you need to secure the data from employees walking away with it, then you have to use a server based product.

Albert D. Kallal
Thursday, January 30, 2003

*  Recent Topics

*  Fog Creek Home