Encrypted database

You can "encrypt" an Access or Jet database, but that only keeps someone
with a disk zapper from reading the contents. You don't specify the
passwords/keywords and it can be opened and read by anyone with Microsoft
Access.

There are also two other levels of security... a password on the entire
database (almost trivially easy for a knowledgeable party to crack) and user
and group level security, which is a bit more challenging. You might have to
pay US$150 or so to purchase crack software to recover the userid, password,
ownerid, and owner's password.

The Jet database engine that comes with and installs with Access and is used
by default is a "file-server" database -- if placed on a shared network
folder, it works just to serve the "files" as needed; all database
extraction and manipulation is done on the user's machine. And, since under
these circumstances, the user must have full permissions, including create
and delete on the folder where that database resides, there is nothing to
keep him/her from copying it, taking it away, and having plenty of time to
try to crack it. No file that you put in someone else's hands can be
considered secure.

Server databases, where all that is passed is "data" (requests and data
values), are much more secure. That's not to say that there are not flaws,
from time to time, that allow them to be "cracked", but the operative phrase
is "much more" secure.

All the applications I've worked on where security was of prime importance
used an Access client application but kept the data in an ODBC-compliant
server database and the owners were comfortable that their data was secure.
It's not as if they opened up their server to everyone using the Internet.
The applications were LAN-based.

Larry Linson
Microsoft Access MVP

"Martin" <0_******@pacbell.net> wrote in message
news:VG*******************@newssvr21.news.prodigy. com...

Is there a way to create and encrypted database file?

What do people do when data security is important at the file level? In
other words, you don't want anyone to be able to take the database file
(or files) and extract data from them.

Ideally, I want a file the is absolutely encrypted on disk and that is
decrypted for data access. The problem, obviously, is that this would be
a very costly (cpu time) approach as you couldn't create a decrypted image
on disk (this would expose the data).

Are all database systems then, non-secure?

Thanks,

-Martin