Access 2007

My OS is win 7 Prof 64 bit and I use Access 2007.  I have a very small database that I created which I want to protect both at the file level as well as the data level.  i.e. if someone opens the file, it will ask for a password which should be very hard to find within the application.  And the other is if the thief does succeed, the data will be encrypted and it will be seen as garbage without entering another password.  How does one go about doing this, and hope the Gurus can please show me how.
jegajothyretiredAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chaauCommented:
MS Access has a built-in feature to encrypt the data with passwords. This Microsoft article explains the topic in full.

Additionally, you can protect the file using a password protected zip file. WinZip or other utilities have these functionality
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jack LeachProprietorCommented:
While Access does has some basic capability for password protecting files, it's just that - basic.

Access has a deserved reputation of being insecure for means of protecting sensitive data.  This is typically the top reason that people would migrate to a SQL Server backend.

Consider that Access is:
- a file based BE, meaning anyone who can write data through the FE has permissions to copy the BE file
- weak in protection to the point that someone who knows their way around fairly well can typically break any imposed protection.

Give the fact that it's file based and you only need a knowledgeable person to get past the minimal security, it's quite easy for someone to grab a copy of the file, take it home and plug away at it.

All that said, it's enough for many cases, but if you're quite concerned over it, you may want to consider a different backend for your Access application.

Cheers
0
pcelbaCommented:
Every hacking attack is successful depending on hacker's knowledge. It does not matter if you are using Accesss or SQL Server.  OK, to copy SQL Server database is a bit more difficult but principles described by Jack are still valid...

You should decide what security level is necessary for your small app.

1) You may encrypt the whole harddrive (Windows 7 Ultimate allows it) so nobody low experienced can read the stolen HD. More info: http://en.wikipedia.org/wiki/BitLocker (But the thief can ask for the password as the first step...)
2) You may encrypt the database only. More info: http://windows.microsoft.com/en-us/windows/encrypt-decrypt-folder-file#1TC=windows-7 (you may also find open source file crypting software on the web)
3) You may store your data into a cloud or remote server (it is hard to steel such files for ordinary people but...)
4) You should not store passwords into the app but users should know them. The app should store and compare just the hash calculated from the password entered by users.

Remember the fact each encryption requires strict rules for periodic data archiving because the archive restore is the cheapest way how the get your corrupted or stolen data back. (Of course, the archive can also be stolen...)
0
Scott McDaniel (Microsoft Access MVP - EE MVE )Infotrakker SoftwareCommented:
Access 2007 made some big changes in the password protection for 2007, so I'd say that except for the most determined hacker a password-protected database would suffice for most needs

Password protection in 2007+ automatically encrypts the file, but not the data in the file (at least to my understanding), so if I know the password I would see all data in plain text. The only way to actually encrypt the data would be to create routines that handle data inserts/updates for you, and perform your encryption there. This would of course be a big performance hit, so if you go this route take that into consideration.

That said, I agree with Jack regarding the viability of Access as a "secure" database platform. If you're overly concerned with data security, then Access probably isn't the best choice. Microsoft SQL Server Express is free and has all the security features of it's big brother, and it integrates well with Access. You might consider moving to that platform.
0
jegajothyretiredAuthor Commented:
Thank u for the solution I needed. Gracias
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.