Solved

Is there any way I can store a field in an Access 2000 database using some form of encryption?

Posted on 2001-09-13
14
168 Views
Last Modified: 2010-05-02
I have a VB application, which uses an Access 2000 Database to store data.

I was wondering if anyone knew a way of storing a password field in Access 2000 so, as you could not see the user's password.

For Example:

Password: test
When viewing the table in Access, you see: ####

But when querying that field the application recognized #### as test. (Hope that made sense).


Does anyone know if this is possible?
0
Comment
Question by:kenmck
  • 6
  • 4
  • 4
14 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479159
You can only do this by applying some encryption to the text that is stored and decrypting it. It is obviously possible to hide passwords when displaying them using the .PasswordChar property of a text box etc but this is not a native ability for a field in a table. I would suggest that you encrypt and decrypt the password so that the encrypted one is stored in the table and can therefore not easily be understood by someone just looking at the table. There are many easily available encryption routines that you can drop into your application to achieve this.
0
 
LVL 50

Expert Comment

by:Ryan Chong
ID: 6479162
Hi kenmck,

In your Access, goto the Table Design, select the field want to be as "password" field, in "General", select the InputMask, Type "PASSWORD", save it. and try again.

regards.
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479185
ryancys, I didn't know of that one, however it does have limitations that encryption doesn't: A user with access can easily change the design to get rid of the password mask, reading the data with ADO or DAO will show the real contents of the field to anyone with the necessary skill to do this. However it may be enough to defeat the casual hacker.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 50

Expert Comment

by:Ryan Chong
ID: 6479208
Hi TimCottee,

As my understanding on this question, maybe what i'm suggested is correct, but of course maybe is not.

#### <> **** ? Maybe :P

Of course, we can encrypt our field value before we save it into database to increase the security.

regards.

0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479219
No I think you are correct, I am merely pointing out some potential insecurities associated with this. No slight to you, I wasn't aware of this capability thanks for suggesting it. I would guess that *** or ### is pretty much the same as it effectively obscures the data from the casual observer.
0
 

Author Comment

by:kenmck
ID: 6479407
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 

Author Comment

by:kenmck
ID: 6479413
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479847
kenmck, here is some code to simply encrypt a string and decrypt it again if required. You would encrypt your password before saving it to the database. And either decrypt it and compare to plain text or simply encrypt the entered password and compare the two encrypted versions. This is technically more secure though as this is a decryptable system it is not 100% secure. It does however require that any hacker knows the encryption / decryption algorithm to get at the password.

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Private Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
  For i = 1 To Len(strText)
  c = Asc(Mid$(strText, i, 1))
  c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
  strBuff = strBuff & Chr$(c And &HFF)
  Next i
Else
  strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Private Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function
Private Sub cmdEncrypt_Click()
Text1 = EncryptText((Text1), Text2)
End Sub

Private Sub cmdDecrypt_Click()
Text1 = DecryptText((Text1), Text2)
End Sub
0
 

Author Comment

by:kenmck
ID: 6481816
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 

Author Comment

by:kenmck
ID: 6481836
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 
LVL 50

Accepted Solution

by:
Ryan Chong earned 150 total points
ID: 6481851
Hi kenmck,

Or maybe you can try some other resources:

Use a one-time pad to encipher and decipher text:
http://www.vb-helper.com/HowTo/onetimepad.zip

Encipher text, part 2:
http://www.vb-helper.com/HowTo/simpencrypt.zip

Encipher text:
http://www.vb-helper.com/HowTo/cipher.zip

This program encrypt or decrypt a text, with a key and a checksum checker. Very good program:
http://www.planetsourcecode.com/vb/scripts/ShowZip.asp?lngWId=1&lngCodeId=11400&strZipAccessCode=ODE%5F114000891

'Hope will help.
0
 

Author Comment

by:kenmck
ID: 6482179
Cheers mate that worked fine.
0
 

Author Comment

by:kenmck
ID: 6486893
Thanks again
0
 
LVL 50

Expert Comment

by:Ryan Chong
ID: 6486895
Hi kenmck,

Glad can help you:)
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question