securing access database

Printable View

08-07-2000, 01:16 PM
Walfried

securing access database

Hello list,

I've got an Access database which I like to secure with a password. After
looking around on the WWW it seems to me that the retreival ,or cracking,
of the password that you can assign with Access itself is very easy to do.
My question : is there an other option for protecting my database ?

Thanks for any help.
Kind regards

Walfried
08-07-2000, 01:18 PM
Douglas J. Steele

Re: securing access database

While NO desktop product is entirely hacker-proof, if applied correctly,
Access security (NOT the totally-useless "Password" option) is reasonably
secure.

See the Access Security White Paper for more details.
http://support.microsoft.com/support...ent/secfaq.asp (Make sure
you follow EVERY step faithfully!)

--

Doug Steele, Microsoft Access MVP
Beer, Wine and Database Programming. What could be better?
Visit "Doug Steele's Beer and Programming Emporium"
http://I.Am/DougSteele/

"Walfried" <wvdb@village.uunet.be> wrote:
>
>
>Hello list,
>
>I've got an Access database which I like to secure with a password. After
>looking around on the WWW it seems to me that the retreival ,or cracking,
>of the password that you can assign with Access itself is very easy to do.
>My question : is there an other option for protecting my database ?
>
>Thanks for any help.
>Kind regards
>
>Walfried
>
>
08-07-2000, 02:33 PM
Oren

Re: securing access database

> I've got an Access database which I like to secure with a password. After
> looking around on the WWW it seems to me that the retreival ,or cracking,
> of the password that you can assign with Access itself is very easy to do.
> My question : is there an other option for protecting my database ?

I prefer to use the unsecured db level password option in access.
Keep your anti-hacking tricks stored in your program where you actually have
control.
If your database is hacked who cares, the person who has access to that
computer/network directory most likely has access to the program, if not
it's the fault of the network admin, not your prog.
As for user-level access, if you do not want to use the built in feature,
you can store user names and passwords in the database as md5 hashes, then
store a crc of each entry somewhere in the registry in a non-chalant value
(you want it on a user by user basis as to not invalidate the entire system
if only one user pwd is hacked/corrupted). If the crc does not match the
database, then you simply put your invalid login value.

Database ->
UserName/Pwd
Text MD5

Program ->
Set Password ->
FieldUserName = UserName
FieldPassword = MD5(Password) 'If you need code to access
the crypto api just ask

WriteRegKey MyLocation, MyKey, CRC(MD5(Password)) 'Don't use
the internal reg writing commands in vb, the values are too easy to spot

Get Password ->
SELECT UserName, Password FROM ......... WHERE ....."

IF MD5(Password) = FieldPassword THEN
IF GetRegKey(MyLocation, MyKey) = CRC(FieldPassword) THEN
UserHasPermission

Got the idea?

Oren