The phrase "passwords are better" stems from a late-1990s development mindset. At the time, embedding database passwords directly into connection strings or encrypting the .mdb file with a standard database utility password was considered robust defense-in-depth. The Critical Weaknesses of .mdb Password Storage
Your current (SQL Server, MySQL, Access, etc.) The hashing method your system uses today
In the late 1990s and early 2000s, "Nuke" systems (like PHP-Nuke and its port, ASP-Nuke) were the pioneers of modular Content Management Systems (CMS). They allowed anyone to launch a portal website instantly. However, they were notorious for security vulnerabilities, specifically SQL Injection (SQLi) and poorly protected configuration files. Why "Passwords R Better" (The Core Security Lesson) db main mdb asp nuke passwords r better
It sounds like you're comparing how different database systems and web frameworks—like MySQL/MariaDB (db/mdb) DotNetNuke (DNN) —handle password security.
' Dangerous: Directly injecting raw user input sql = "SELECT * FROM Users WHERE Username = '" & Request.Form("user") & "' AND Password = '" & Request.Form("pass") & "'" Set rs = objConn.Execute(sql) Use code with caution. The Secure Way (Parameterized Queries) The phrase "passwords are better" stems from a
your data to a modern, secure SQL database.
The biggest flaw in classic ASP sites using Microsoft Access is placing the database file inside the web-accessible root folder (e.g., c:\inetpub\wwwroot\db\main.mdb ). If an attacker guesses the path, they can download your entire database through their web browser. Move the Database Outside the Web Root They allowed anyone to launch a portal website instantly
Using an MDB (Microsoft Access) file as a production database for a web portal was a double-edged sword. It was incredibly easy to set up—requiring no separate SQL server installation—but it lacked the robust security layers of SQL Server or MySQL.
The assertion that "passwords are better" only holds true if compared to having no password. In modern cybersecurity, simple, static passwords are the weakest link. True security requires a defense-in-depth strategy:
: Consider how different systems will work together. For example, if you're using ASP for web development, ensure your database choice (like MDB) integrates well.
What or framework version you are currently running