Solved

Is there any way I can store a field in an Access 2000 database using some form of encryption?

Posted on 2001-09-13
14
181 Views
Last Modified: 2010-05-02
I have a VB application, which uses an Access 2000 Database to store data.

I was wondering if anyone knew a way of storing a password field in Access 2000 so, as you could not see the user's password.

For Example:

Password: test
When viewing the table in Access, you see: ####

But when querying that field the application recognized #### as test. (Hope that made sense).


Does anyone know if this is possible?
0
Comment
Question by:kenmck
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 4
14 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479159
You can only do this by applying some encryption to the text that is stored and decrypting it. It is obviously possible to hide passwords when displaying them using the .PasswordChar property of a text box etc but this is not a native ability for a field in a table. I would suggest that you encrypt and decrypt the password so that the encrypted one is stored in the table and can therefore not easily be understood by someone just looking at the table. There are many easily available encryption routines that you can drop into your application to achieve this.
0
 
LVL 52

Expert Comment

by:Ryan Chong
ID: 6479162
Hi kenmck,

In your Access, goto the Table Design, select the field want to be as "password" field, in "General", select the InputMask, Type "PASSWORD", save it. and try again.

regards.
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479185
ryancys, I didn't know of that one, however it does have limitations that encryption doesn't: A user with access can easily change the design to get rid of the password mask, reading the data with ADO or DAO will show the real contents of the field to anyone with the necessary skill to do this. However it may be enough to defeat the casual hacker.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 52

Expert Comment

by:Ryan Chong
ID: 6479208
Hi TimCottee,

As my understanding on this question, maybe what i'm suggested is correct, but of course maybe is not.

#### <> **** ? Maybe :P

Of course, we can encrypt our field value before we save it into database to increase the security.

regards.

0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479219
No I think you are correct, I am merely pointing out some potential insecurities associated with this. No slight to you, I wasn't aware of this capability thanks for suggesting it. I would guess that *** or ### is pretty much the same as it effectively obscures the data from the casual observer.
0
 

Author Comment

by:kenmck
ID: 6479407
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 

Author Comment

by:kenmck
ID: 6479413
Thanks to both Ryancys and TimCottee both of you have good answers. The one that I am more intrested in is TimCottee's as it is a more secure option.

Have you any examples of how to do this Tim?
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6479847
kenmck, here is some code to simply encrypt a string and decrypt it again if required. You would encrypt your password before saving it to the database. And either decrypt it and compare to plain text or simply encrypt the entered password and compare the two encrypted versions. This is technically more secure though as this is a decryptable system it is not 100% secure. It does however require that any hacker knows the encryption / decryption algorithm to get at the password.

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Private Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
  For i = 1 To Len(strText)
  c = Asc(Mid$(strText, i, 1))
  c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
  strBuff = strBuff & Chr$(c And &HFF)
  Next i
Else
  strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Private Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function
Private Sub cmdEncrypt_Click()
Text1 = EncryptText((Text1), Text2)
End Sub

Private Sub cmdDecrypt_Click()
Text1 = DecryptText((Text1), Text2)
End Sub
0
 

Author Comment

by:kenmck
ID: 6481816
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 

Author Comment

by:kenmck
ID: 6481836
I have tried the above:

I typed the password as ADMIN and it was encrypted as Y????

I then tried to Decrypt it and instead of ADMIN the DecryptText string was ????E

Any idea why?
0
 
LVL 52

Accepted Solution

by:
Ryan Chong earned 150 total points
ID: 6481851
Hi kenmck,

Or maybe you can try some other resources:

Use a one-time pad to encipher and decipher text:
http://www.vb-helper.com/HowTo/onetimepad.zip

Encipher text, part 2:
http://www.vb-helper.com/HowTo/simpencrypt.zip

Encipher text:
http://www.vb-helper.com/HowTo/cipher.zip

This program encrypt or decrypt a text, with a key and a checksum checker. Very good program:
http://www.planetsourcecode.com/vb/scripts/ShowZip.asp?lngWId=1&lngCodeId=11400&strZipAccessCode=ODE%5F114000891

'Hope will help.
0
 

Author Comment

by:kenmck
ID: 6482179
Cheers mate that worked fine.
0
 

Author Comment

by:kenmck
ID: 6486893
Thanks again
0
 
LVL 52

Expert Comment

by:Ryan Chong
ID: 6486895
Hi kenmck,

Glad can help you:)
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction While answering a recent question about filtering a custom class collection, I realized that this could be accomplished with very little code by using the ScriptControl (SC) library.  This article will introduce you to the SC library a…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses
Course of the Month9 days, 17 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question