using encrypted access database 
Author Message
 using encrypted access database

Hello ...

I want to protect my database (Access) design. I know a little about Access
security and heard it can be circumvented using ODBC?  How can I encrypt my
database so that it is still readable and writable for my app but more
difficult to access otherwise.

I'd appreciate any help ....
Thank you
Fatima



Wed, 18 Jun 1902 08:00:00 GMT  
 using encrypted access database
Hello ...

I want to protect my database (Access) design. I know a little about Access
security and heard it can be circumvented using ODBC?  How can I encrypt my
database so that it is still readable and writable for my app but more
difficult to access otherwise.

I'd appreciate any help ....
Thank you
Fatima



Wed, 18 Jun 1902 08:00:00 GMT  
 using encrypted access database

Quote:

> I want to protect my database (Access) design. I know a little about
> Access security and heard it can be circumvented using ODBC?  How can
> I encrypt my database so that it is still readable and writable for
> my app but more difficult to access otherwise.

First, remember that ALL encryption schemes that can be exported
out of the USA without restrictions are very weak (maximal 40 bits).
Second, recent discoveries point in the direction that MS has built
in its crypto API a backdoor key for the NSA. So unless you don't
care if the NSA can read the files it is useless anyway.

If you want to be reasonably safe, don't encrypt the database at all
via Access, but encrypt all non-index fields by a secure algorithm
like IDEA, CAST or 3DES. Then everyone can read the fields, but only
people with the right key can understand them. Of course you shouldn't
hard-code this key in your app since then it is still easy to find it
(also if you xor it, game crackers can do this already). After all,
that's how the cryptoAPI backdoor was found. A possible solution is
to encrypt the key also via a secure algorithm and decrypt it after
the pass phrase is entered.

--
ir. J.C.A. Wevers        // Physics and science fiction site:




Wed, 18 Jun 1902 08:00:00 GMT  
 using encrypted access database
It's worse than that, Johan, Fatima...  Microsoft's security on Access
databases is actually quite transparent.  The master keys are right
there, very slightly hidden.  To see for yourself, generate a few
identical MDB's with slightly different passwords/GUIDs and take a very
close look at the first 256 bytes of the file each time.  Or if you
don't want to take the time, look for password crackers.

If the information in a database is confidential, it should be stored in
a client server computer database ONLY, and steps must be taken to be
certain that the only way to get to the data is through the server's
security gates.

Quote:


> > I want to protect my database (Access) design. I know a little about
> > Access security and heard it can be circumvented using ODBC?  How can
> > I encrypt my database so that it is still readable and writable for
> > my app but more difficult to access otherwise.

> First, remember that ALL encryption schemes that can be exported
> out of the USA without restrictions are very weak (maximal 40 bits).
> Second, recent discoveries point in the direction that MS has built
> in its crypto API a backdoor key for the NSA. So unless you don't
> care if the NSA can read the files it is useless anyway.

> If you want to be reasonably safe, don't encrypt the database at all
> via Access, but encrypt all non-index fields by a secure algorithm
> like IDEA, CAST or 3DES. Then everyone can read the fields, but only
> people with the right key can understand them. Of course you shouldn't
> hard-code this key in your app since then it is still easy to find it
> (also if you xor it, game crackers can do this already). After all,
> that's how the cryptoAPI backdoor was found. A possible solution is
> to encrypt the key also via a secure algorithm and decrypt it after
> the pass phrase is entered.

> --
> ir. J.C.A. Wevers        // Physics and science fiction site:



--
------------------------------------------------------------------------
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259

- Show quoted text -

Quote:
> Got Paradox/Delphi database headaches?  ChimneySweep{tm} can help, FAST!
> http://www.sundialservices.com/cs3web.htm



Wed, 18 Jun 1902 08:00:00 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. Using ADO with Encrypted/Password Protected Access databases

2. *how to use encrypted ms access database

3. Encrypting text stored in inidividual database records

4. Encrypting a database.

5. Information, using access database with delphi.

6. Deleting a detail record using Delphi 1.0 on a MS Access 2.0 database

7. Compact Access Database using ADO

8. Problems in using Delphi 1.0 with an access 2.0 database

9. Using Access database in Delphi 4 over internet

10. Using the Access Jet Database DLL

11. Using MS-Access database

12. Major bug using Access database in Delphi 3

 

 
Powered by phpBB® Forum Software