Access Database Encryption

Hi all

Does it really save any purpose to encrypt a database (BE)with a password when some people are saying there are some free software out there that can break the encryption easily , I know for the FE we seam to be fine as long as we only give clients Accde files.

For queries I'm still using a special code to hide special keys( This is also an extra cover to FE objects), unless someone knows my backdoor hot key it will not be possible to unhide the queries.

Though strictly speaking the software is anchored on queries , VBA code  , macros and reports because even if one steal the tables with entity relation , how is it going to help without the treasured code???

Kindly educate me if I'm wrong!


Hankwembo Christopher,FCCA,FZICA,CIA,MAAT,B.A.ScDirectorAsked:
Who is Participating?
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
As gustav said, the new ACE format uses a better encryption (RC4 protection up-to 128-bit) and uses the Win crypto libs.

 I'm not aware of anything out there that has cracked it.

Gustav BrockCIOCommented:
It was the old method - pre 2007 - that was easily cracked. The current method using the accdb format is very difficult - if at all - to crack.

You should tell what is your goal. To encrypt data or application code?

IMHO data are in higher interest of possible attackers because they contain the value. And if we are talking about MS Access where users do have the BE database available on some network share then you never can be 100% safe. (based on

Even when you use MS Access FE and place the data on SQL Server then your more experienced users can obtain the connection string from the FE and access all data etc. etc.

The more secure solution seems to be web/intranet based application where both the database and application resides on the BE and users can access it via web browser. The app itself then handles access rights.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Fabrice LambertFabrice LambertCommented:
Protection within MS access serve only one purpose:
Keep "amateurs" from accessing your code, queries, table design and relationships.

Also, keep in mind that MS Access isn't designed for puplic deployment (in other words: designed for internal applications).

If you're looking for more robust security, MS Access isn't the tool for you. Look for compiled languages such as .Net, Java, C++ or C, and better database engines like MySQL, SQL Server, Oracle, postGreSQL ect ...
know for the FE we seam to be fine as long as we only give clients Accde files.
Wrong.  There are companies that will "decompile" the database to produce VBA code.  Earlier attempts produced tokenized code which although it was valid VBA, was very difficult to read because all the variable names were cryptic.  Newer tools produce very readable code with meaningful variable names.
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<There are companies that will "decompile">>

 I'm only aware of one that can do that, and their pretty adamant about proof of ownership, so I would not consider this to be a problem as yet.

 If your aware of more than one, then it would be an issue.

I haven't had the problem so I've never had to use the service so I don't know how many companies are out there.  How does one prove they own the app?
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<< How does one prove they own the app?>>

 Copyright paperwork, their name is on the app, they can provide some of the source code, etc.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.