Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is there any way I can store a field in an Access 2000 database using some form of encryption?

Posted on 2001-09-13
14
Medium Priority
?
195 Views
Last Modified: 2010-05-02
I have a VB application, which uses an Access 2000 Database to store data.

I was wondering if anyone knew a way of storing a password field in Access 2000 so, as you could not see the user's password.

For Example:

Password: test
When viewing the table in Access, you see: ####

But when querying that field the application recognized #### as test. (Hope that made sense).


Does anyone know if this is possible?
0
Comment
Question by:kenmck
  • 6
  • 4
  • 4
14 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479159
You can only do this by applying some encryption to the text that is stored and decrypting it. It is obviously possible to hide passwords when displaying them using the .PasswordChar property of a text box etc but this is not a native ability for a field in a table. I would suggest that you encrypt and decrypt the password so that the encrypted one is stored in the table and can therefore not easily be understood by someone just looking at the table. There are many easily available encryption routines that you can drop into your application to achieve this.
0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 6479162
Hi kenmck,

In your Access, goto the Table Design, select the field want to be as "password" field, in "General", select the InputMask, Type "PASSWORD", save it. and try again.

regards.
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479185
ryancys, I didn't know of that one, however it does have limitations that encryption doesn't: A user with access can easily change the design to get rid of the password mask, reading the data with ADO or DAO will show the real contents of the field to anyone with the necessary skill to do this. However it may be enough to defeat the casual hacker.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 54

Expert Comment

by:Ryan Chong
ID: 6479208
Hi TimCottee,

As my understanding on this question, maybe what i'm suggested is correct, but of course maybe is not.

#### <> **** ? Maybe :P

Of course, we can encrypt our field value before we save it into database to increase the security.

regards.

0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479219
No I think you are correct, I am merely pointing out some potential insecurities associated with this. No slight to you, I wasn't aware of this capability thanks for suggesting it. I would guess that *** or ### is pretty much the same as it effectively obscures the data from the casual observer.
0
 

Author Comment

by:kenmck
ID: 6479407
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 

Author Comment

by:kenmck
ID: 6479413
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479847
kenmck, here is some code to simply encrypt a string and decrypt it again if required. You would encrypt your password before saving it to the database. And either decrypt it and compare to plain text or simply encrypt the entered password and compare the two encrypted versions. This is technically more secure though as this is a decryptable system it is not 100% secure. It does however require that any hacker knows the encryption / decryption algorithm to get at the password.

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Private Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
  For i = 1 To Len(strText)
  c = Asc(Mid$(strText, i, 1))
  c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
  strBuff = strBuff & Chr$(c And &HFF)
  Next i
Else
  strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Private Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function
Private Sub cmdEncrypt_Click()
Text1 = EncryptText((Text1), Text2)
End Sub

Private Sub cmdDecrypt_Click()
Text1 = DecryptText((Text1), Text2)
End Sub
0
 

Author Comment

by:kenmck
ID: 6481816
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 

Author Comment

by:kenmck
ID: 6481836
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 
LVL 54

Accepted Solution

by:
Ryan Chong earned 600 total points
ID: 6481851
Hi kenmck,

Or maybe you can try some other resources:

Use a one-time pad to encipher and decipher text:
http://www.vb-helper.com/HowTo/onetimepad.zip

Encipher text, part 2:
http://www.vb-helper.com/HowTo/simpencrypt.zip

Encipher text:
http://www.vb-helper.com/HowTo/cipher.zip

This program encrypt or decrypt a text, with a key and a checksum checker. Very good program:
http://www.planetsourcecode.com/vb/scripts/ShowZip.asp?lngWId=1&lngCodeId=11400&strZipAccessCode=ODE%5F114000891

'Hope will help.
0
 

Author Comment

by:kenmck
ID: 6482179
Cheers mate that worked fine.
0
 

Author Comment

by:kenmck
ID: 6486893
Thanks again
0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 6486895
Hi kenmck,

Glad can help you:)
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question