securing access database


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 3 of 3

Thread: securing access database

Hybrid View

  1. #1
    Walfried Guest

    securing access database



    Hello list,

    I've got an Access database which I like to secure with a password. After
    looking around on the WWW it seems to me that the retreival ,or cracking,
    of the password that you can assign with Access itself is very easy to do.
    My question : is there an other option for protecting my database ?

    Thanks for any help.
    Kind regards

    Walfried



  2. #2
    Douglas J. Steele Guest

    Re: securing access database


    While NO desktop product is entirely hacker-proof, if applied correctly,
    Access security (NOT the totally-useless "Password" option) is reasonably
    secure.

    See the Access Security White Paper for more details.
    http://support.microsoft.com/support...ent/secfaq.asp (Make sure
    you follow EVERY step faithfully!)

    --

    Doug Steele, Microsoft Access MVP
    Beer, Wine and Database Programming. What could be better?
    Visit "Doug Steele's Beer and Programming Emporium"
    http://I.Am/DougSteele/


    "Walfried" <wvdb@village.uunet.be> wrote:
    >
    >
    >Hello list,
    >
    >I've got an Access database which I like to secure with a password. After
    >looking around on the WWW it seems to me that the retreival ,or cracking,
    >of the password that you can assign with Access itself is very easy to do.
    >My question : is there an other option for protecting my database ?
    >
    >Thanks for any help.
    >Kind regards
    >
    >Walfried
    >
    >



  3. #3
    Oren Guest

    Re: securing access database

    > I've got an Access database which I like to secure with a password. After
    > looking around on the WWW it seems to me that the retreival ,or cracking,
    > of the password that you can assign with Access itself is very easy to do.
    > My question : is there an other option for protecting my database ?


    I prefer to use the unsecured db level password option in access.
    Keep your anti-hacking tricks stored in your program where you actually have
    control.
    If your database is hacked who cares, the person who has access to that
    computer/network directory most likely has access to the program, if not
    it's the fault of the network admin, not your prog.
    As for user-level access, if you do not want to use the built in feature,
    you can store user names and passwords in the database as md5 hashes, then
    store a crc of each entry somewhere in the registry in a non-chalant value
    (you want it on a user by user basis as to not invalidate the entire system
    if only one user pwd is hacked/corrupted). If the crc does not match the
    database, then you simply put your invalid login value.


    Database ->
    UserName/Pwd
    Text MD5

    Program ->
    Set Password ->
    FieldUserName = UserName
    FieldPassword = MD5(Password) 'If you need code to access
    the crypto api just ask

    WriteRegKey MyLocation, MyKey, CRC(MD5(Password)) 'Don't use
    the internal reg writing commands in vb, the values are too easy to spot

    Get Password ->
    SELECT UserName, Password FROM ......... WHERE ....."

    IF MD5(Password) = FieldPassword THEN
    IF GetRegKey(MyLocation, MyKey) = CRC(FieldPassword) THEN
    UserHasPermission



    Got the idea?

    Oren



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center