Solved

Is there any way I can store a field in an Access 2000 database using some form of encryption?

Posted on 2001-09-13
14
173 Views
Last Modified: 2010-05-02
I have a VB application, which uses an Access 2000 Database to store data.

I was wondering if anyone knew a way of storing a password field in Access 2000 so, as you could not see the user's password.

For Example:

Password: test
When viewing the table in Access, you see: ####

But when querying that field the application recognized #### as test. (Hope that made sense).


Does anyone know if this is possible?
0
Comment
Question by:kenmck
  • 6
  • 4
  • 4
14 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479159
You can only do this by applying some encryption to the text that is stored and decrypting it. It is obviously possible to hide passwords when displaying them using the .PasswordChar property of a text box etc but this is not a native ability for a field in a table. I would suggest that you encrypt and decrypt the password so that the encrypted one is stored in the table and can therefore not easily be understood by someone just looking at the table. There are many easily available encryption routines that you can drop into your application to achieve this.
0
 
LVL 51

Expert Comment

by:Ryan Chong
ID: 6479162
Hi kenmck,

In your Access, goto the Table Design, select the field want to be as "password" field, in "General", select the InputMask, Type "PASSWORD", save it. and try again.

regards.
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479185
ryancys, I didn't know of that one, however it does have limitations that encryption doesn't: A user with access can easily change the design to get rid of the password mask, reading the data with ADO or DAO will show the real contents of the field to anyone with the necessary skill to do this. However it may be enough to defeat the casual hacker.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 51

Expert Comment

by:Ryan Chong
ID: 6479208
Hi TimCottee,

As my understanding on this question, maybe what i'm suggested is correct, but of course maybe is not.

#### <> **** ? Maybe :P

Of course, we can encrypt our field value before we save it into database to increase the security.

regards.

0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479219
No I think you are correct, I am merely pointing out some potential insecurities associated with this. No slight to you, I wasn't aware of this capability thanks for suggesting it. I would guess that *** or ### is pretty much the same as it effectively obscures the data from the casual observer.
0
 

Author Comment

by:kenmck
ID: 6479407
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 

Author Comment

by:kenmck
ID: 6479413
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479847
kenmck, here is some code to simply encrypt a string and decrypt it again if required. You would encrypt your password before saving it to the database. And either decrypt it and compare to plain text or simply encrypt the entered password and compare the two encrypted versions. This is technically more secure though as this is a decryptable system it is not 100% secure. It does however require that any hacker knows the encryption / decryption algorithm to get at the password.

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Private Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
  For i = 1 To Len(strText)
  c = Asc(Mid$(strText, i, 1))
  c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
  strBuff = strBuff & Chr$(c And &HFF)
  Next i
Else
  strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Private Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function
Private Sub cmdEncrypt_Click()
Text1 = EncryptText((Text1), Text2)
End Sub

Private Sub cmdDecrypt_Click()
Text1 = DecryptText((Text1), Text2)
End Sub
0
 

Author Comment

by:kenmck
ID: 6481816
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 

Author Comment

by:kenmck
ID: 6481836
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 
LVL 51

Accepted Solution

by:
Ryan Chong earned 150 total points
ID: 6481851
Hi kenmck,

Or maybe you can try some other resources:

Use a one-time pad to encipher and decipher text:
http://www.vb-helper.com/HowTo/onetimepad.zip

Encipher text, part 2:
http://www.vb-helper.com/HowTo/simpencrypt.zip

Encipher text:
http://www.vb-helper.com/HowTo/cipher.zip

This program encrypt or decrypt a text, with a key and a checksum checker. Very good program:
http://www.planetsourcecode.com/vb/scripts/ShowZip.asp?lngWId=1&lngCodeId=11400&strZipAccessCode=ODE%5F114000891

'Hope will help.
0
 

Author Comment

by:kenmck
ID: 6482179
Cheers mate that worked fine.
0
 

Author Comment

by:kenmck
ID: 6486893
Thanks again
0
 
LVL 51

Expert Comment

by:Ryan Chong
ID: 6486895
Hi kenmck,

Glad can help you:)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
Enums (shorthand for ‘enumerations’) are not often used by programmers but they can be quite valuable when they are.  What are they? An Enum is just a type of variable like a string or an Integer, but in this case one that you create that contains…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question