Bystander,
Mac's correct; Paradox table passwords are not secure and can be defeated with minimal effort.
The problem is not so much as flaw, but a side-effect of the way passwords are stored in the encrypted tables. Instead of storing the original password, a digest of the password is generated and then stored. That is, your password is converted to a numeric representation.
Unfortunately, the conversion is fairly simple. If you can find that number or calculate one that matches, you're in. It's something that's doable in many password storage systems, not just Paradox's.
For a loose analogy, consider the easiest way to break into a locked car: break the window. Sure, you hope that won't happen and in many cases, it won't. But, if someone really wants your radio, they'll get it. We don't normally think about it, because locking the car does stop most thieves.
True security is nearly impossible; most security professionals talk about "acceptable levels of risk." You need to balance the possibility of compromise against the effort needed to secure things as completely as possible.
It's a balancing act, one that's different for each situation.
Now, there is another weakness in the BDE table password system. For technical and support reasons, the BDE developers created backdoor passwords that would always decrypt protected tables. They did this for testing reasons (e.g. if we encrypt the data, can we accurately unencrypt it? How do we test that?) and they also did this for what I call political reasons. ("What do we do when someone with 5,000 licenses calls up and tells us they're forgotten the password to their mission critical data?"
(Aside: When I was in support, I took a call from a woman frantic because she'd lost the password. We told her the official answer: "We're sorry, there's nothing we can do. There's no way to unencrypt the data without the original password." Her boss was listening, broke into the conversation, and fired her on the spot.
As you can imagine, it was a very difficult call to listen to. Very theatrical and possibly very staged. There was no way to know. Nevertheless, it's one of the few calls I remember after all this time. I only mention it to illustrate the questions that go into this sort of thing.)
In my experience, though, you can improve the security of your data in many ways. For example, you can encrypt the data using a different mechanism, such as Dynazip or other third-party library.
You can also (and should) restrict access to the most sensitive data. One reason people are able to steal credit card numbers from Internet sites is simply because those numbers are available when they should be locked away on a different network, one that doesn't have outside access.
Still, no matter how many safeguards you build into the system, there's always the risk that someone will simply copy the data and carry it out of the office.
If you're really interested in these issues and how to respond to them in a reasoned, thoughful way, then I highly recommend the writings of Bruce Schneier (
who is well-regarded in the Internet security community and has written books that are considered *the* titles to know.
Now, having gone into that rant
-)), there's a completely different reason you may be getting this error. Specifically, BDE contains a safegard designed to prevent older versions from mangling newer versions of the format.
When you try, for example, to open a Paradox 7 table in Paradox 5.0, you'll get this error. (Primarily because Paradox 7 tables have features that Paradox 5 doesn't know how to deal with.)
This error appears frequent with older versions of Microsoft's ODBC driver for Paradox because it was written with an older technology called the Paradox engine. The Paradox engine predates BDE (and ODAPI, BDE's original name). The Paradox engine supported Paradox v3 tables and therefore doesn't know how to handle memos and other features added to the Paradox v4 format.
So, it's entirely possible this is an "honest" error designed to protect you.
One way to test this is to use Paradox to export your data to a different format, such as dBASE, CSV (text), or whatever. That done, try to import the converted data.
If it works, then the error was probably genuine, though it displayed a weird message.
Hope this helps...
-- Lance
