Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Access Database Encryption
Hi all
Does it really save any purpose to encrypt a database (BE)with a password when some people are saying there are some free software out there that can break the encryption easily , I know for the FE we seam to be fine as long as we only give clients Accde files.
For queries I'm still using a special code to hide special keys( This is also an extra cover to FE objects), unless someone knows my backdoor hot key it will not be possible to unhide the queries.
Though strictly speaking the software is anchored on queries , VBA code , macros and reports because even if one steal the tables with entity relation , how is it going to help without the treasured code???
Kindly educate me if I'm wrong!
Regards
Chris
Does it really save any purpose to encrypt a database (BE)with a password when some people are saying there are some free software out there that can break the encryption easily , I know for the FE we seam to be fine as long as we only give clients Accde files.
For queries I'm still using a special code to hide special keys( This is also an extra cover to FE objects), unless someone knows my backdoor hot key it will not be possible to unhide the queries.
Though strictly speaking the software is anchored on queries , VBA code , macros and reports because even if one steal the tables with entity relation , how is it going to help without the treasured code???
Kindly educate me if I'm wrong!
Regards
Chris
Who is Participating?
It was the old method - pre 2007 - that was easily cracked. The current method using the accdb format is very difficult - if at all - to crack.
/gustav
/gustav
You should tell what is your goal. To encrypt data or application code?
IMHO data are in higher interest of possible attackers because they contain the value. And if we are talking about MS Access where users do have the BE database available on some network share then you never can be 100% safe. (based on https://www.isunshare.com/access-password-recovery.html)
Even when you use MS Access FE and place the data on SQL Server then your more experienced users can obtain the connection string from the FE and access all data etc. etc.
The more secure solution seems to be web/intranet based application where both the database and application resides on the BE and users can access it via web browser. The app itself then handles access rights.
IMHO data are in higher interest of possible attackers because they contain the value. And if we are talking about MS Access where users do have the BE database available on some network share then you never can be 100% safe. (based on https://www.isunshare.com/access-password-recovery.html)
Even when you use MS Access FE and place the data on SQL Server then your more experienced users can obtain the connection string from the FE and access all data etc. etc.
The more secure solution seems to be web/intranet based application where both the database and application resides on the BE and users can access it via web browser. The app itself then handles access rights.
Protection within MS access serve only one purpose:
Keep "amateurs" from accessing your code, queries, table design and relationships.
Also, keep in mind that MS Access isn't designed for puplic deployment (in other words: designed for internal applications).
If you're looking for more robust security, MS Access isn't the tool for you. Look for compiled languages such as .Net, Java, C++ or C, and better database engines like MySQL, SQL Server, Oracle, postGreSQL ect ...
Keep "amateurs" from accessing your code, queries, table design and relationships.
Also, keep in mind that MS Access isn't designed for puplic deployment (in other words: designed for internal applications).
If you're looking for more robust security, MS Access isn't the tool for you. Look for compiled languages such as .Net, Java, C++ or C, and better database engines like MySQL, SQL Server, Oracle, postGreSQL ect ...
know for the FE we seam to be fine as long as we only give clients Accde files.Wrong. There are companies that will "decompile" the database to produce VBA code. Earlier attempts produced tokenized code which although it was valid VBA, was very difficult to read because all the variable names were cryptic. Newer tools produce very readable code with meaningful variable names.
<<There are companies that will "decompile">>
I'm only aware of one that can do that, and their pretty adamant about proof of ownership, so I would not consider this to be a problem as yet.
If your aware of more than one, then it would be an issue.
Jim.
I'm only aware of one that can do that, and their pretty adamant about proof of ownership, so I would not consider this to be a problem as yet.
If your aware of more than one, then it would be an issue.
Jim.
I haven't had the problem so I've never had to use the service so I don't know how many companies are out there. How does one prove they own the app?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
I'm not aware of anything out there that has cracked it.
Jim.