Re: Password protect access DB?


I agree 100% ... that is why ... if you are trying to protect sensitive DATA
(protect a patient's identify), your program should implement some type of
data string encryption ... where by the application takes all the
information that could be used to identify a person - a patients name 'John
Smith'; address; postal code; phone number ... - encrypt it, and store the
encrypted strings in the database. Upon retrieval of this information, the
application decrypts it before presenting it to the user. And like I said,
by encapsulating this logic in a base class, you are able to easily apply
the decryption to any visual object you need ... user entry screen, report
and so on...

Access with an Encrypted password is garbage (and MSSQL probably is to) to
those that are determined to hack you database... And for this reason, if
you are trying to protect sensitive data .... you need to secure it at the
field level and not the database level.

To me, this is the only real way to protect sensitive data. However, there
probably is a crack for this to!

That's all, we both agree, I was just trying to give the OP a little more
knowledge to base his decision on - and if he was after DATA / FEILD LEVEL
security, he needs to think a little bit more about it.

Thats all.

Jeff.



"Anil Gupte" <anil-list@xxxxxxxxxxx> wrote in message
news:OFrXyZxYHHA.944@xxxxxxxxxxxxxxxxxxxxxxx
Dude, you are obviously knowledgeable, and this is an excellent line of
reasoning. However, as I mentioned in my other posts I am not convinced
that Access with an encrypted password is any less secure than SQL server.
There are cracks even for SQL Server admin passwords.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"jeff" <jhersey at allnorth dottt com> wrote in message
news:OFhvLPlYHHA.3272@xxxxxxxxxxxxxxxxxxxxxxx

What is the purpose of your security ... to protect sensitive data or
protect your data from being manipulated without the interface or prevent
third party software from accessing you data or to protect your
investment from being reversed engineered.

- if it is to protect sensitive data ... either you will need to abonded
Access or implement field level encryption for the sensitive data (ie
have the application encrypt data before storing it, and have it decrypt
the data when retrieveing it - a little extra but can be done very easily
in a base class - do this with MSSQL server application that handle
patient medical information).

- if it is to prevent manipulation of data ... simply warn the user that
any support agreement is null and void if the data is tampered with
directly in the database.

- if it is to prevent third party software from accessing you data ... I
would suggest going to MSSQL ... again, as previously mentioned, any IT
person (developer or not) should be able to crack an access password in
about 5 minutes ... this includes searching the web and installing the
necessary crack software. How ethical is this? Not very. Is it done?
...

- if it is to protect your property ... spend a little time to
investigate / develop a solution that uses MSSQL server and forget about
Access all together.

Access has it place in the world of stand-alone applications (Sage -
SimplyAccounting); but when security is concerned, its place is on the
sideline!

Jeff




"Anil Gupte" <anil-list@xxxxxxxxxxx> wrote in message
news:eq%230pvkYHHA.3628@xxxxxxxxxxxxxxxxxxxxxxx
I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <rowe_email@xxxxxxxxx> wrote in message
news:1173441110.376947.52020@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Mar 9, 4:21 am, teeja...@xxxxxxxxx wrote:
Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe









.

Relevant Pages

  • Re: MDF file level security from copying
    ... is a way to protect the MDF files, ... located on FAT like Windows 98 and Windows ME, ... >BTW, if you are concerned about the database schema, as ... >> file while the sql server is stopped? ...
    (microsoft.public.sqlserver.security)
  • Re: Securing data to a process principal
    ... reasonable controls that protect against "casual" abuse. ... hooks into your encryption function) and you cannot prevent an admin using ... The RM analyst also uses an app that has an embedded obfuscated key (I'll ... where the secret is stored in the registry. ...
    (microsoft.public.platformsdk.security)
  • Re: How can I secure a MSDE database for users who have SQL Server?
    ... > How can I protect a MSDE-database so that SQL Server Enterprise ... > Manager always asks for a password if you want to access the database ... if you know the login name and password. ...
    (microsoft.public.sqlserver.msde)
  • SQL server data protection
    ... Hello does someone knows how i can protect my data if deployed in a MSDE / ... Currently i use a Encrypted MS accesss 2000 database with a workgroup file ... encryption dll stuff) ...
    (microsoft.public.sqlserver)
  • Re: Password protect access DB?
    ... There are cracks even for SQL Server admin passwords. ... What is the purpose of your security ... ... protect your data from being manipulated without the interface or prevent ... directly in the database. ...
    (microsoft.public.dotnet.languages.vb)
Loading