Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Security for a project that uses Access DB

Posted on 2003-11-10
12
Medium Priority
?
213 Views
Last Modified: 2010-05-03
Hi

I've crated an app in VB6 that uses a DB made in Access 2000 (with DAO 3.6).

I don't wan't let users see or change any data on the DB using Access (or any other DBMS if possible). I want this DB to be manipulated only through my app.

I've set DB and user passwords from Access, but there are programs (even free) on internet that can show these passwords easily.

So what can I do to make more difficult to open and manipulate this DB?
0
Comment
Question by:rettiseert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 28

Expert Comment

by:AzraSound
ID: 9718486
Unfortunately, because of the easy password finding tools for Access, they simply do not do a good job of protection.  Your best option is to probably encrypt the data in the database that is sensitive, and use your app to encrypt/decrypt before writing/reading from the database respectively.
0
 
LVL 5

Expert Comment

by:fantasy1001
ID: 9719021
Yes, you can try to encrypt your database. Or, else you can just rename it yo somename that people wonn't notice like system_10.dll

~ fantasy ~
0
 
LVL 1

Expert Comment

by:lmckenzie
ID: 9719230
If you're dealing with an OS (NT, 2000, XP) that supports fule/directory permissions, you may be able to set things up so that only your application has permission to access the file.  See:

http://www-level3.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_20770069.html
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 13

Author Comment

by:rettiseert
ID: 9726471
AzraSound
Encrypting data sounds good, but speed is very important for my program. Thanks.

fantasy1001
I've already renamed my DB, but the LDB generated when a MDB is open let users know that the file is a standard Access DB.

lmckenzie
I did't know I could set permission this way. Unfortunately the program must work on any Win32 enviroment (from 95 to 2003).

I was thinking... what about using hidden autoexec macros in Access and hidding the tables makind them System tables?
0
 
LVL 13

Author Comment

by:rettiseert
ID: 9726474
Thanks to all
0
 
LVL 1

Expert Comment

by:lmckenzie
ID: 9729327
As long as your database is on the server, it doesn't matter what OS the user has.  If the database is on each individual user's system then encryption may be your only alternative with Access.  You seem to be assumint that someone is going to be motivated enough to hack your data.  If that's the case and it has to reside locally on the client machines consider using MSDE.  Then, you'll essentially be using SQL Server which is a more secure system.
0
 
LVL 13

Author Comment

by:rettiseert
ID: 9736597
Yes, the users will be motivated to to crack this database.

In most cases setting passwords and renaming will be enough, but not always...

I haven't used SQLServer, so I don't know if I need to do many changes to my code and if a SQLServer DB file(s) can be distribute freely with my program.

Thanks again.
0
 
LVL 28

Expert Comment

by:AzraSound
ID: 9853459
What solution was used in the end?
0
 
LVL 13

Author Comment

by:rettiseert
ID: 9866778
well...

1-Renaming database
2-Autoexec macros in access to block the program
3-Hidding tables to make them system tables

I guess encrypt is the best method, but as I said, speed is very important for this project.

Thanks again AzraSound and all the others...
0
 
LVL 1

Expert Comment

by:lmckenzie
ID: 9874941
Wel, you're always going to face tradeoff of course.  It's drastic but there are quite a few freeware encryption components and programs available.   I'm pretty sure you can have your code in one file access data in another .mdb - perhaps attatching the tables I don't remember.  At any rate, You could encrypt the whole data .mdb file and have your code call the encryprion dll or shell the application and decrypt it.  Reverse the process when your application ends.  I don't know what the speed would be, depending on the size of the data .mdb but the decryption/encryption would only happen once at startup and shutdown.  You'd be working with regular data the rest of the time.  The only time they'd have access to the unencrypted data would be during your application's runtime and if you grab an exclusive lock then they couldn't open it then, even using Access.  They could ctrl-alt-delete and kill your application which would leave the data unencrypted.  If they tried to look at the encrypted .mdb otherwise, they's get an error which should discourage prying.  No solution is perfect but some form of encryption is probably the best you can do.
0
 
LVL 2

Accepted Solution

by:
Lunchy earned 0 total points
ID: 9885510
PAQed, with points refunded (60)

Lunchy
Friendly Neighbourhood Community Support Admin
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question