Solved

Is there any way I can store a field in an Access 2000 database using some form of encryption?

Posted on 2001-09-13
14
165 Views
Last Modified: 2010-05-02
I have a VB application, which uses an Access 2000 Database to store data.

I was wondering if anyone knew a way of storing a password field in Access 2000 so, as you could not see the user's password.

For Example:

Password: test
When viewing the table in Access, you see: ####

But when querying that field the application recognized #### as test. (Hope that made sense).


Does anyone know if this is possible?
0
Comment
Question by:kenmck
  • 6
  • 4
  • 4
14 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479159
You can only do this by applying some encryption to the text that is stored and decrypting it. It is obviously possible to hide passwords when displaying them using the .PasswordChar property of a text box etc but this is not a native ability for a field in a table. I would suggest that you encrypt and decrypt the password so that the encrypted one is stored in the table and can therefore not easily be understood by someone just looking at the table. There are many easily available encryption routines that you can drop into your application to achieve this.
0
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 6479162
Hi kenmck,

In your Access, goto the Table Design, select the field want to be as "password" field, in "General", select the InputMask, Type "PASSWORD", save it. and try again.

regards.
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479185
ryancys, I didn't know of that one, however it does have limitations that encryption doesn't: A user with access can easily change the design to get rid of the password mask, reading the data with ADO or DAO will show the real contents of the field to anyone with the necessary skill to do this. However it may be enough to defeat the casual hacker.
0
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 6479208
Hi TimCottee,

As my understanding on this question, maybe what i'm suggested is correct, but of course maybe is not.

#### <> **** ? Maybe :P

Of course, we can encrypt our field value before we save it into database to increase the security.

regards.

0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479219
No I think you are correct, I am merely pointing out some potential insecurities associated with this. No slight to you, I wasn't aware of this capability thanks for suggesting it. I would guess that *** or ### is pretty much the same as it effectively obscures the data from the casual observer.
0
 

Author Comment

by:kenmck
ID: 6479407
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 

Author Comment

by:kenmck
ID: 6479413
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 43

Expert Comment

by:TimCottee
ID: 6479847
kenmck, here is some code to simply encrypt a string and decrypt it again if required. You would encrypt your password before saving it to the database. And either decrypt it and compare to plain text or simply encrypt the entered password and compare the two encrypted versions. This is technically more secure though as this is a decryptable system it is not 100% secure. It does however require that any hacker knows the encryption / decryption algorithm to get at the password.

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Private Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
  For i = 1 To Len(strText)
  c = Asc(Mid$(strText, i, 1))
  c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
  strBuff = strBuff & Chr$(c And &HFF)
  Next i
Else
  strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Private Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function
Private Sub cmdEncrypt_Click()
Text1 = EncryptText((Text1), Text2)
End Sub

Private Sub cmdDecrypt_Click()
Text1 = DecryptText((Text1), Text2)
End Sub
0
 

Author Comment

by:kenmck
ID: 6481816
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 

Author Comment

by:kenmck
ID: 6481836
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 
LVL 49

Accepted Solution

by:
Ryan Chong earned 150 total points
ID: 6481851
Hi kenmck,

Or maybe you can try some other resources:

Use a one-time pad to encipher and decipher text:
http://www.vb-helper.com/HowTo/onetimepad.zip

Encipher text, part 2:
http://www.vb-helper.com/HowTo/simpencrypt.zip

Encipher text:
http://www.vb-helper.com/HowTo/cipher.zip

This program encrypt or decrypt a text, with a key and a checksum checker. Very good program:
http://www.planetsourcecode.com/vb/scripts/ShowZip.asp?lngWId=1&lngCodeId=11400&strZipAccessCode=ODE%5F114000891

'Hope will help.
0
 

Author Comment

by:kenmck
ID: 6482179
Cheers mate that worked fine.
0
 

Author Comment

by:kenmck
ID: 6486893
Thanks again
0
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 6486895
Hi kenmck,

Glad can help you:)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now