UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
2 Pages V < 1 2  (Go to first unread post)
   Reply to this topicStart new topic
> Encrytion Standard Used By Default Access 2016 Accdb File, Access 2016    
 
   
isladogs
post Dec 7 2018, 01:04 PM
Post#21



Posts: 774
Joined: 4-June 18
From: Somerset, UK


Hi Allyson

I was very careful in my choice of words - perhaps too careful as I didn't mean what you thought.

If you read post 14 including the link provided, you should get a better idea of how Access stores & retrieves the password information.
If you also read post 17 & the linked article on my website you will get further information about the information that can be easily retrieved from unencrypted Access files.

However don't confuse two different things.
If you encrypt an ACCDB/ACCDE file with a password the entire file is encrypted and is almost impossible to read with any external software.
However if you link an Access FE to a BE file (encrypted or not), the connection strings are stored in the hidden system table MSysObjects
For info, if you know how to do it, you can also look at that table from another Access database

No matter how long your BE passwords ( I think 20 characters is the max allowed), these will appear in full in the connection string.
So these will always be visible if you look at the Connect field in MSysObjects.
As that table cannot be edited (at least not directly), you cannot hide or mask passwords in those connection strings.

So if you need to prevent users knowing the BE password(s), you need to lock down your FE file to prevent users being able to view system tables
There are many security measures you can do to make it very difficult for users to 'hack' your applications.
I mentioned some of those in my last reply.
If you are interested, there are a number of security challenges on my website.
Even if you don't try & solve them, you can look at what I've done to limit user access.

There is one other solution that can work in certain limited cases.
Do not have BE tables that are permanently linked to your FE.
Instead use code containing SQL statements to set form & report record sources in their Load or Open events
Do NOT save it in the form/report property sheet. Destroy that recordsource when the object is closed
Use an ACCDE file so nobody can read the code used
The result is a fully functional split database with no linked tables so no connection strings visible in MSysObjects

To help explain this idea, see the attached simple demo. The zip file contains an ACCDB FE, encrypted BE (password=isladogs) and a Word doc explaining how to use the demo

However, do remember that Access is not intended for mission critical data security.
If there are serious data privacy issues, instead use e.g. SQL Server to store your BE data



Attached File(s)
Attached File  LinkedNoTables.zip ( 476.62K )Number of downloads: 1
 
Go to the top of the page
 
2 Pages V < 1 2


Custom Search


RSSSearch   Top   Lo-Fi    12th December 2018 - 12:04 AM