By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,839 Members | 2,270 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,839 IT Pros & Developers. It's quick & easy.

Password protect access DB?

P: n/a
Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

Mar 9 '07 #1
Share this Question
Share on Google+
22 Replies


P: n/a
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.
If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe

Mar 9 '07 #2

P: n/a
I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my application.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <ro********@yahoo.comwrote in message
news:11*********************@q40g2000cwq.googlegro ups.com...
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
>Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe

Mar 9 '07 #3

P: n/a
database has to be local because I am distributing this with my application.

Sql Server 2005 can be installed local and can be set as a
prerequisite in the install options, so wouldn't this serve you better
than Access?

Thanks,

Seth Rowe
On Mar 9, 8:07 am, "Anil Gupte" <anil-l...@icinema.comwrote:
I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my application.

Thanx,
--
Anil Guptewww.keeninc.netwww.icinema.com

"rowe_newsgroups" <rowe_em...@yahoo.comwrote in message

news:11*********************@q40g2000cwq.googlegro ups.com...
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
Tom.
If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.
Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?
Thanks,
Seth Rowe
Mar 9 '07 #4

P: n/a

What is the purpose of your security ... to protect sensitive data or
protect your data from being manipulated without the interface or prevent
third party software from accessing you data or to protect your investment
from being reversed engineered.

- if it is to protect sensitive data ... either you will need to abonded
Access or implement field level encryption for the sensitive data (ie have
the application encrypt data before storing it, and have it decrypt the data
when retrieveing it - a little extra but can be done very easily in a base
class - do this with MSSQL server application that handle patient medical
information).

- if it is to prevent manipulation of data ... simply warn the user that any
support agreement is null and void if the data is tampered with directly in
the database.

- if it is to prevent third party software from accessing you data ... I
would suggest going to MSSQL ... again, as previously mentioned, any IT
person (developer or not) should be able to crack an access password in
about 5 minutes ... this includes searching the web and installing the
necessary crack software. How ethical is this? Not very. Is it done? ...

- if it is to protect your property ... spend a little time to investigate /
develop a solution that uses MSSQL server and forget about Access all
together.

Access has it place in the world of stand-alone applications (Sage -
SimplyAccounting); but when security is concerned, its place is on the
sideline!

Jeff


"Anil Gupte" <an*******@icinema.comwrote in message
news:eq****************@TK2MSFTNGP02.phx.gbl...
>I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <ro********@yahoo.comwrote in message
news:11*********************@q40g2000cwq.googlegro ups.com...
>On Mar 9, 4:21 am, teeja...@gmail.com wrote:
>>Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe


Mar 9 '07 #5

P: n/a
On 9 Mar 2007 01:21:42 -0800, te******@gmail.com wrote:

Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Yes, you can use ADO.NET. There is a host of information concerning Jet SQL. The last reference
demonstrates how to change or specify a database password:

http://msdn2.microsoft.com/en-us/lib...ffice.10).aspx
http://msdn2.microsoft.com/en-us/lib...ffice.10).aspx
http://msdn2.microsoft.com/en-us/lib...ffice.10).aspx
Paul
~~~~
Microsoft MVP (Visual Basic)
Mar 9 '07 #6

P: n/a
On 9 Mar, 11:51, "rowe_newsgroups" <rowe_em...@yahoo.comwrote:
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe
Thanks for your reply.

Basically I have the Access DB locate on a network share.
The data isn't sensitive but if a member of staff was to find the
location of the database we would not want them to be able to go into
the database and edit it. Obviously at the moment because the users
have permission to the share they can. Because the application is
being used by users working in the IT department they tend to try and
play about with things more than end users!!!
So I want to password protect the DB and still be able to access is
via code in .net.
Obviously some sort of authencation needs to be done in coding to
access the DB.

Thanks.

Mar 9 '07 #7

P: n/a
On 9 Mar, 14:03, "jeff" <jhersey at allnorth dottt comwrote:
What is the purpose of your security ... to protect sensitive data or
protect your data from being manipulated without the interface or prevent
third party software from accessing you data or to protect your investment
from being reversed engineered.

- if it is to protect sensitive data ... either you will need to abonded
Access or implement field level encryption for the sensitive data (ie have
the application encrypt data before storing it, and have it decrypt the data
when retrieveing it - a little extra but can be done very easily in a base
class - do this with MSSQL server application that handle patient medical
information).

- if it is to prevent manipulation of data ... simply warn the user that any
support agreement is null and void if the data is tampered with directly in
the database.

- if it is to prevent third party software from accessing you data ... I
would suggest going to MSSQL ... again, as previously mentioned, any IT
person (developer or not) should be able to crack an access password in
about 5 minutes ... this includes searching the web and installing the
necessary crack software. How ethical is this? Not very. Is it done? ...

- if it is to protect your property ... spend a little time to investigate /
develop a solution that uses MSSQL server and forget about Access all
together.

Access has it place in the world of stand-alone applications (Sage -
SimplyAccounting); but when security is concerned, its place is on the
sideline!

Jeff

"Anil Gupte" <anil-l...@icinema.comwrote in message

news:eq****************@TK2MSFTNGP02.phx.gbl...
I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.
Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com
"rowe_newsgroups" <rowe_em...@yahoo.comwrote in message
news:11*********************@q40g2000cwq.googlegro ups.com...
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,
>I am new to programming with databases and was wanting some help.
>Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
>Any help would be much appreciated.
>Thanks in advanced.
>Tom.
If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.
Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?
Thanks,
Seth Rowe- Hide quoted text -

- Show quoted text -
Thanks for that.

I am looking into working with SQL rather than Access.

As this is the first time i have programmed with databases i thought
Access would be a good start.
I think in future apps I will be starting using SQL.

Mar 9 '07 #8

P: n/a

I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken in 2
minutes wel i dare to challenge you , i have a database made in access and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i did
not give you this info ) but even then i still am confident that you can`t
open the DB in minutes it will probaly take you a few days and in depth
knowledge of Access plus the fact that lots of data wil remain rubish for
you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you can
use workgroup files and so delete the standard Admin and user accounts and
thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s security
on file system level wich means that a system administrator can always see
the content of the database after mentioning this a few times in the
newsgroups and after manny manny discussions about the usage of data level
protection here in the newsgroups i remember some nice threads with Bill
Vaughn covering this topick MS has decided to implement data level
security in it`s new SQL anywhere product how this exactly works can be
found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<te******@gmail.comschreef in bericht
news:11**********************@t69g2000cwt.googlegr oups.com...
Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

Mar 10 '07 #9

P: n/a
Dude, you are obviously knowledgeable, and this is an excellent line of
reasoning. However, as I mentioned in my other posts I am not convinced
that Access with an encrypted password is any less secure than SQL server.
There are cracks even for SQL Server admin passwords.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"jeff" <jhersey at allnorth dottt comwrote in message
news:OF**************@TK2MSFTNGP03.phx.gbl...
>
What is the purpose of your security ... to protect sensitive data or
protect your data from being manipulated without the interface or prevent
third party software from accessing you data or to protect your investment
from being reversed engineered.

- if it is to protect sensitive data ... either you will need to abonded
Access or implement field level encryption for the sensitive data (ie have
the application encrypt data before storing it, and have it decrypt the
data when retrieveing it - a little extra but can be done very easily in a
base class - do this with MSSQL server application that handle patient
medical information).

- if it is to prevent manipulation of data ... simply warn the user that
any support agreement is null and void if the data is tampered with
directly in the database.

- if it is to prevent third party software from accessing you data ... I
would suggest going to MSSQL ... again, as previously mentioned, any IT
person (developer or not) should be able to crack an access password in
about 5 minutes ... this includes searching the web and installing the
necessary crack software. How ethical is this? Not very. Is it done?
...

- if it is to protect your property ... spend a little time to investigate
/ develop a solution that uses MSSQL server and forget about Access all
together.

Access has it place in the world of stand-alone applications (Sage -
SimplyAccounting); but when security is concerned, its place is on the
sideline!

Jeff


"Anil Gupte" <an*******@icinema.comwrote in message
news:eq****************@TK2MSFTNGP02.phx.gbl...
>>I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <ro********@yahoo.comwrote in message
news:11*********************@q40g2000cwq.googlegr oups.com...
>>On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe



Mar 10 '07 #10

P: n/a
Methinks it would be easier to distribute an access file than to install a
new application, to say nothin of the licensing headaches (what if MS
changed the licensing requirements). Also, I don't think SQL Server is
necessarily more secure than an encrypted access database (IMHO).

--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <ro********@yahoo.comwrote in message
news:11**********************@h3g2000cwc.googlegro ups.com...
>database has to be local because I am distributing this with my
application.

Sql Server 2005 can be installed local and can be set as a
prerequisite in the install options, so wouldn't this serve you better
than Access?

Thanks,

Seth Rowe
On Mar 9, 8:07 am, "Anil Gupte" <anil-l...@icinema.comwrote:
>I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.

Thanx,
--
Anil Guptewww.keeninc.netwww.icinema.com

"rowe_newsgroups" <rowe_em...@yahoo.comwrote in message

news:11*********************@q40g2000cwq.googlegr oups.com...
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,
>I am new to programming with databases and was wanting some help.
>Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
>Any help would be much appreciated.
>Thanks in advanced.
>Tom.
If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.
Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?
Thanks,
Seth Rowe

Mar 10 '07 #11

P: n/a
Thanx! Great answer!

--
Anil Gupte
www.keeninc.net
www.icinema.com

"Michel Posseth [MCP]" <MS**@posseth.comwrote in message
news:eG**************@TK2MSFTNGP02.phx.gbl...
>
I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken in
2 minutes wel i dare to challenge you , i have a database made in access
and if you break it in a week i would give you a guru status do you dare
to pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i
did not give you this info ) but even then i still am confident that you
can`t open the DB in minutes it will probaly take you a few days and in
depth knowledge of Access plus the fact that lots of data wil remain
rubish for you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you
can use workgroup files and so delete the standard Admin and user accounts
and thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s
security on file system level wich means that a system administrator can
always see the content of the database after mentioning this a few times
in the newsgroups and after manny manny discussions about the usage of
data level protection here in the newsgroups i remember some nice threads
with Bill Vaughn covering this topick MS has decided to implement data
level security in it`s new SQL anywhere product how this exactly works can
be found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<te******@gmail.comschreef in bericht
news:11**********************@t69g2000cwt.googlegr oups.com...
>Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.


Mar 10 '07 #12

P: n/a
I have used Access as a back-end with a database password. I was not
interested in high-level security; I was just trying to keep the users from
opening the database if they came across it.

One user in particular was dangerous in terms of wanting to muck with the
data and circumvent the audit trail, but was not clever enough to hack into
the database. He actually came by my cube and asked me casually, "I was
trying to check some stuff out. Can you just give me the database password
for a couple of minutes?" Like I wasn't the one who protected it against
*him*!

So it's kind like this: having a deadbolt on the front door of your house
does not discourage all thieves from breaking in, but it does discourage
the casual and more common ones.

Robin S.
---------------------------------------
"Anil Gupte" <an*******@icinema.comwrote in message
news:uQ*************@TK2MSFTNGP06.phx.gbl...
Thanx! Great answer!

--
Anil Gupte
www.keeninc.net
www.icinema.com

"Michel Posseth [MCP]" <MS**@posseth.comwrote in message
news:eG**************@TK2MSFTNGP02.phx.gbl...
>>
I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it
is security of data in the context of you that don`t want a user to see
the data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2 minutes wel i dare to challenge you , i have a database made in
access and if you break it in a week i would give you a guru status do
you dare to pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i
did not give you this info ) but even then i still am confident that you
can`t open the DB in minutes it will probaly take you a few days and in
depth knowledge of Access plus the fact that lots of data wil remain
rubish for you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you
can use workgroup files and so delete the standard Admin and user
accounts and thus add your own in this workgroup file you can optionally
include an encyption scheme ( 256 bits ) so you end up with a secured
encrypted database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s
security on file system level wich means that a system administrator can
always see the content of the database after mentioning this a few
times in the newsgroups and after manny manny discussions about the
usage of data level protection here in the newsgroups i remember some
nice threads with Bill Vaughn covering this topick MS has decided to
implement data level security in it`s new SQL anywhere product how this
exactly works can be found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the
Access Data level protection scheme

HTH

Michel Posseth [MCP]

<te******@gmail.comschreef in bericht
news:11**********************@t69g2000cwt.googleg roups.com...
>>Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.



Mar 10 '07 #13

P: n/a
"Anil Gupte" <an*******@icinema.comwrote in
news:uC*************@TK2MSFTNGP06.phx.gbl:
Methinks it would be easier to distribute an access file than to
install a new application, to say nothin of the licensing headaches
(what if MS changed the licensing requirements). Also, I don't think
SQL Server is necessarily more secure than an encrypted access
database (IMHO).
Firebird Embedded DB is great for embedded apps. Much more powerful than
Access and free :-)
Mar 10 '07 #14

P: n/a
"RobinS" <Ro****@NoSpam.yah.nonewrote in
news:Rc******************************@comcast.com:
I have used Access as a back-end with a database password. I was not
interested in high-level security; I was just trying to keep the users
from opening the database if they came across it.
Was it a multi-user system? You're pretty brave to use Access for multi-
user ... from what I've read the performance is pretty bad and it has a
good chance of corruption?

Personally I'll avoid access because there are sooo many other choices out
there.
Mar 10 '07 #15

P: n/a
ACCESS isn`t so bad at all and for the people claiming it can be broken in 2
minutes wel i dare to challenge you , i have a database made in access and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??
I'm guessing you mean you have a heavily modified Access database and
aren't using the "out of the box" Access. If so that is a completely
different scenerio. In my post I assumed (albeit possibly incorrectly)
that the OP was looking to use the standard Access database password
protection and was expecting it to protect his data. I'm sure you can
agree that this is not a secure setup (after all if it was what would
the script-kiddies do?), and as far as standard password protections
Sql Server would win.

Like in all situations, the developer needs balance performance, ease
of use, cost, scalability, and who knows how many other factors before
making a decision.

Thanks,

Seth Rowe
On Mar 10, 4:30 am, "Michel Posseth [MCP]" <M...@posseth.comwrote:
I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken in 2
minutes wel i dare to challenge you , i have a database made in access and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i did
not give you this info ) but even then i still am confident that you can`t
open the DB in minutes it will probaly take you a few days and in depth
knowledge of Access plus the fact that lots of data wil remain rubish for
you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you can
use workgroup files and so delete the standard Admin and user accounts and
thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s security
on file system level wich means that a system administrator can always see
the content of the database after mentioning this a few times in the
newsgroups and after manny manny discussions about the usage of data level
protection here in the newsgroups i remember some nice threads with Bill
Vaughn covering this topick MS has decided to implement data level
security in it`s new SQL anywhere product how this exactly works can be
found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<teeja...@gmail.comschreef in berichtnews:11**********************@t69g2000cwt.g ooglegroups.com...
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
Tom.
Mar 10 '07 #16

P: n/a

This isn`t the first time that this is discussed here , as i mentioned in my
previous post

You have another definition of data security as i do
Ofcourse if we are talking about perfomance wit lots amounts of data , and
about Data integrity SQL wins this from Access ( maybe depending on the
progger but that is a different discussion )

but i mean this scenario

I was once a Automotive catalogue programmer with a user base of 20.000 +
users throughout europe , the money was in the relations from cars to the
correct fitting parts we had 20 automotive specialists ( with mechanics
skills ) who did nothing else on daily basis as finding out if the part
would fit on a specific car make and modell .

So this was the value of our program , a car drives in the car shop for a
maintenance service , the mechanic starts our program , and enters the
license plate number
the program now searched in the database and finds the correct make and
modell of the car , the user confirms this and selects the type of
maintenance he wants to do, the program searches again in the database and
finds the corrrect parts to be fit on the car and the estimated repair times
..

The Car shop can inmediatly tell the cutomer what the repair will cost , and
can plan in the repair time in his shop

So as you see the value of the program is in the data , we made this data
and it was our property

If we would have used Anny RDBMS ( SQL server , Firebird etc etc etc etc )
our concurent software vendors could just get themselves a copy of our
program
and steall our data by loging on at the system as a administrator .

Believe me when i say that all of these systems the security was easy
breakable this was really a mather of minutes if you had admin rights on the
local system and if you didn`t, you just copied the dB to your own system
and atached it there to your own server and you are granted full acces

With Access and a custom workgroup file you can really protect the database
from people seeing ( stealing ) the data as how it is stored in the
database
when you say heavy modified ,, well i do not concur this is just a simple
step to acomplish ACCESS has even a builtin wizzard to acomplish this task ,
so i call it a pretty standard feature of Access

look here for more info :
http://office.microsoft.com/en-us/ac...546941033.aspx

But as i said above and before MS has now a valid alternative with there
embedded SQL product ( i believe that it was called sqlanywhere ) wich does
provide a feature to encrypt the database

For more info Buy the latest e-book of Bill Vaughn , or search on MSDN

And about the multi user thingy , we have once released our product on a
server farm with 600 users ( Citrix ) and it ran without anny problems
untill the day of today ( now 4 years ago ) the product was written in VB6
so it is just a mather how you write your proggy
regards

Michel


"rowe_newsgroups" <ro********@yahoo.comschreef in bericht
news:11**********************@c51g2000cwc.googlegr oups.com...
>ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

I'm guessing you mean you have a heavily modified Access database and
aren't using the "out of the box" Access. If so that is a completely
different scenerio. In my post I assumed (albeit possibly incorrectly)
that the OP was looking to use the standard Access database password
protection and was expecting it to protect his data. I'm sure you can
agree that this is not a secure setup (after all if it was what would
the script-kiddies do?), and as far as standard password protections
Sql Server would win.

Like in all situations, the developer needs balance performance, ease
of use, cost, scalability, and who knows how many other factors before
making a decision.

Thanks,

Seth Rowe
On Mar 10, 4:30 am, "Michel Posseth [MCP]" <M...@posseth.comwrote:
>I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it
is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i
did
not give you this info ) but even then i still am confident that you
can`t
open the DB in minutes it will probaly take you a few days and in depth
knowledge of Access plus the fact that lots of data wil remain rubish for
you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you
can
use workgroup files and so delete the standard Admin and user accounts
and
thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s
security
on file system level wich means that a system administrator can always
see
the content of the database after mentioning this a few times in the
newsgroups and after manny manny discussions about the usage of data
level
protection here in the newsgroups i remember some nice threads with Bill
Vaughn covering this topick MS has decided to implement data level
security in it`s new SQL anywhere product how this exactly works can be
found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the
Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<teeja...@gmail.comschreef in
berichtnews:11**********************@t69g2000cwt. googlegroups.com...
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
Tom.

Mar 11 '07 #17

P: n/a
Very interesting example you describe.

I think the small footprint database you refer to as SQLAnywhere is now
known as SQL Server Compact Edition.

I have begun using it for desktop apps as will as for mobile devices.

You can read about it at (watch wrapping) at:

http://download.microsoft.com/downlo...meSSCE2005.htm

I believe it now may be part of VS 2005 Service Pack 1 (just check if
Data.SqlServerCe.SqlCeConnection makes sense in your program)

"Michel Posseth [MCP]" <MS**@posseth.comwrote in message
news:eK*************@TK2MSFTNGP03.phx.gbl...
>
This isn`t the first time that this is discussed here , as i mentioned in
my previous post

You have another definition of data security as i do
Ofcourse if we are talking about perfomance wit lots amounts of data , and
about Data integrity SQL wins this from Access ( maybe depending on the
progger but that is a different discussion )

but i mean this scenario

I was once a Automotive catalogue programmer with a user base of 20.000 +
users throughout europe , the money was in the relations from cars to the
correct fitting parts we had 20 automotive specialists ( with mechanics
skills ) who did nothing else on daily basis as finding out if the part
would fit on a specific car make and modell .

So this was the value of our program , a car drives in the car shop for a
maintenance service , the mechanic starts our program , and enters the
license plate number
the program now searched in the database and finds the correct make and
modell of the car , the user confirms this and selects the type of
maintenance he wants to do, the program searches again in the database
and finds the corrrect parts to be fit on the car and the estimated repair
times .

The Car shop can inmediatly tell the cutomer what the repair will cost ,
and can plan in the repair time in his shop

So as you see the value of the program is in the data , we made this data
and it was our property

If we would have used Anny RDBMS ( SQL server , Firebird etc etc etc etc )
our concurent software vendors could just get themselves a copy of our
program
and steall our data by loging on at the system as a administrator .

Believe me when i say that all of these systems the security was easy
breakable this was really a mather of minutes if you had admin rights on
the local system and if you didn`t, you just copied the dB to your own
system and atached it there to your own server and you are granted full
acces

With Access and a custom workgroup file you can really protect the
database from people seeing ( stealing ) the data as how it is stored in
the database
when you say heavy modified ,, well i do not concur this is just a simple
step to acomplish ACCESS has even a builtin wizzard to acomplish this task
, so i call it a pretty standard feature of Access

look here for more info :
http://office.microsoft.com/en-us/ac...546941033.aspx

But as i said above and before MS has now a valid alternative with there
embedded SQL product ( i believe that it was called sqlanywhere ) wich
does provide a feature to encrypt the database

For more info Buy the latest e-book of Bill Vaughn , or search on MSDN

And about the multi user thingy , we have once released our product on a
server farm with 600 users ( Citrix ) and it ran without anny problems
untill the day of today ( now 4 years ago ) the product was written in
VB6 so it is just a mather how you write your proggy
regards

Michel


"rowe_newsgroups" <ro********@yahoo.comschreef in bericht
news:11**********************@c51g2000cwc.googlegr oups.com...
>>ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

I'm guessing you mean you have a heavily modified Access database and
aren't using the "out of the box" Access. If so that is a completely
different scenerio. In my post I assumed (albeit possibly incorrectly)
that the OP was looking to use the standard Access database password
protection and was expecting it to protect his data. I'm sure you can
agree that this is not a secure setup (after all if it was what would
the script-kiddies do?), and as far as standard password protections
Sql Server would win.

Like in all situations, the developer needs balance performance, ease
of use, cost, scalability, and who knows how many other factors before
making a decision.

Thanks,

Seth Rowe
On Mar 10, 4:30 am, "Michel Posseth [MCP]" <M...@posseth.comwrote:
>>I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it
is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i
did
not give you this info ) but even then i still am confident that you
can`t
open the DB in minutes it will probaly take you a few days and in depth
knowledge of Access plus the fact that lots of data wil remain rubish
for
you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you
can
use workgroup files and so delete the standard Admin and user accounts
and
thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s
security
on file system level wich means that a system administrator can always
see
the content of the database after mentioning this a few times in the
newsgroups and after manny manny discussions about the usage of data
level
protection here in the newsgroups i remember some nice threads with Bill
Vaughn covering this topick MS has decided to implement data level
security in it`s new SQL anywhere product how this exactly works can be
found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the
Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<teeja...@gmail.comschreef in
berichtnews:11**********************@t69g2000cwt .googlegroups.com...

Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.


Mar 11 '07 #18

P: n/a
I had anywhere from 5 to 50 simultaneous users. There were only 8 people
with update access. I didn't have any problems with performance. The
database for one of the applications I wrote was over 500MB -- no problems.

I had only the rare occurrence of corruption, usually because someone had
killed the process rather than exiting from the VB application.

On the last project I worked on, running VB with an Access backend, I had
it compact the database once a day. When the users logged out, if it hadn't
been backed up, and there was only one user and he was the one logging out
and he had update access, the database would compact. So just by chance,
the database would be compacted once every day or so. In doing this, it
also backed it up. So I always had the last backup if the database got
corrupted (but it only did twice in a year).

Robin S.
------------------------
"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...
"RobinS" <Ro****@NoSpam.yah.nonewrote in
news:Rc******************************@comcast.com:
>I have used Access as a back-end with a database password. I was not
interested in high-level security; I was just trying to keep the users
from opening the database if they came across it.

Was it a multi-user system? You're pretty brave to use Access for multi-
user ... from what I've read the performance is pretty bad and it has a
good chance of corruption?

Personally I'll avoid access because there are sooo many other choices
out
there.

Mar 11 '07 #19

P: n/a
"RobinS" <Ro****@NoSpam.yah.nonewrote in
news:pM******************************@comcast.com:
I had anywhere from 5 to 50 simultaneous users. There were only 8
people with update access. I didn't have any problems with
performance. The database for one of the applications I wrote was over
500MB -- no problems.

I had only the rare occurrence of corruption, usually because someone
had killed the process rather than exiting from the VB application.

On the last project I worked on, running VB with an Access backend, I
had it compact the database once a day. When the users logged out, if
it hadn't been backed up, and there was only one user and he was the
one logging out and he had update access, the database would compact.
So just by chance, the database would be compacted once every day or
so. In doing this, it also backed it up. So I always had the last
backup if the database got corrupted (but it only did twice in a
year).
With these types of hassles, would it make more sense to use a database
like SQL Express, MySQL, or even Firebird?

Firebird's embedded DB is pretty good - not sure if it's meant for multi-
user, but it's tiny (250KB for the engine). Otherwise there is a full
fledged firebird DB you can include if you need a full db.
Mar 11 '07 #20

P: n/a
"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...
"RobinS" <Ro****@NoSpam.yah.nonewrote in
news:pM******************************@comcast.com:
>I had anywhere from 5 to 50 simultaneous users. There were only 8
people with update access. I didn't have any problems with
performance. The database for one of the applications I wrote was over
500MB -- no problems.

I had only the rare occurrence of corruption, usually because someone
had killed the process rather than exiting from the VB application.

On the last project I worked on, running VB with an Access backend, I
had it compact the database once a day. When the users logged out, if
it hadn't been backed up, and there was only one user and he was the
one logging out and he had update access, the database would compact.
So just by chance, the database would be compacted once every day or
so. In doing this, it also backed it up. So I always had the last
backup if the database got corrupted (but it only did twice in a
year).

With these types of hassles, would it make more sense to use a database
like SQL Express, MySQL, or even Firebird?

Firebird's embedded DB is pretty good - not sure if it's meant for multi-
user, but it's tiny (250KB for the engine). Otherwise there is a full
fledged firebird DB you can include if you need a full db.
------------------------------

What kind of hassles? That was my point. I had no problems, unless you are
referring to the auto-compacting procedure, which took about an hour to
write and implement, and worked forever after.

My first choice would be SQLServer, but that wasn't an option on this
project. I had to use whatever I could get for free that my department was
okay with; they had a site license for MS Professional, hence Access. (Yes,
I know SQLSE is free, read on.)

I was the only IT person in the department, and they felt more comfortable
with Access than SQLServer because they felt it was more supportable. You
have to admit, anybody can open an Access database and look at the tables.
And they can do it w/o installing SQLServer on their desktop.

All in all, I developed several desktop applications with varying purposes
for different groups, with Access as the back-end, and they are all still
in production today, with no known problems. The first one was implemented
in 2000.

But if I had had free reign, I would have used SQLServer, no question.

Robin S.
Ts'i mahnu uterna ot twan ot geifur hingts uto.
-----------------------------------------------
Mar 11 '07 #21

P: n/a

I agree 100% ... that is why ... if you are trying to protect sensitive DATA
(protect a patient's identify), your program should implement some type of
data string encryption ... where by the application takes all the
information that could be used to identify a person - a patients name 'John
Smith'; address; postal code; phone number ... - encrypt it, and store the
encrypted strings in the database. Upon retrieval of this information, the
application decrypts it before presenting it to the user. And like I said,
by encapsulating this logic in a base class, you are able to easily apply
the decryption to any visual object you need ... user entry screen, report
and so on...

Access with an Encrypted password is garbage (and MSSQL probably is to) to
those that are determined to hack you database... And for this reason, if
you are trying to protect sensitive data .... you need to secure it at the
field level and not the database level.

To me, this is the only real way to protect sensitive data. However, there
probably is a crack for this to!

That's all, we both agree, I was just trying to give the OP a little more
knowledge to base his decision on - and if he was after DATA / FEILD LEVEL
security, he needs to think a little bit more about it.

Thats all.

Jeff.

"Anil Gupte" <an*******@icinema.comwrote in message
news:OF*************@TK2MSFTNGP06.phx.gbl...
Dude, you are obviously knowledgeable, and this is an excellent line of
reasoning. However, as I mentioned in my other posts I am not convinced
that Access with an encrypted password is any less secure than SQL server.
There are cracks even for SQL Server admin passwords.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"jeff" <jhersey at allnorth dottt comwrote in message
news:OF**************@TK2MSFTNGP03.phx.gbl...
>>
What is the purpose of your security ... to protect sensitive data or
protect your data from being manipulated without the interface or prevent
third party software from accessing you data or to protect your
investment from being reversed engineered.

- if it is to protect sensitive data ... either you will need to abonded
Access or implement field level encryption for the sensitive data (ie
have the application encrypt data before storing it, and have it decrypt
the data when retrieveing it - a little extra but can be done very easily
in a base class - do this with MSSQL server application that handle
patient medical information).

- if it is to prevent manipulation of data ... simply warn the user that
any support agreement is null and void if the data is tampered with
directly in the database.

- if it is to prevent third party software from accessing you data ... I
would suggest going to MSSQL ... again, as previously mentioned, any IT
person (developer or not) should be able to crack an access password in
about 5 minutes ... this includes searching the web and installing the
necessary crack software. How ethical is this? Not very. Is it done?
...

- if it is to protect your property ... spend a little time to
investigate / develop a solution that uses MSSQL server and forget about
Access all together.

Access has it place in the world of stand-alone applications (Sage -
SimplyAccounting); but when security is concerned, its place is on the
sideline!

Jeff


"Anil Gupte" <an*******@icinema.comwrote in message
news:eq****************@TK2MSFTNGP02.phx.gbl...
>>>I have this problem too. I just want a basic level of security, but the
database has to be local because I am distributing this with my
application.

Thanx,
--
Anil Gupte
www.keeninc.net
www.icinema.com

"rowe_newsgroups" <ro********@yahoo.comwrote in message
news:11*********************@q40g2000cwq.googleg roups.com...
On Mar 9, 4:21 am, teeja...@gmail.com wrote:
Hi,
>
I am new to programming with databases and was wanting some help.
>
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
>
Any help would be much appreciated.
>
Thanks in advanced.
>
Tom.

If security is your goal, Access is not the product you want to use.
All it's password protection schemes have been broken and the "hacks"
are posted all over the internet. I'm not saying Sql Server is
perfect, but if security is your goal you may want to download the
express edition and use it.

Also, I'm not sure I know what you mean by "access sent sql commands"?
Are you trying to encrypt the queries that you execute?

Thanks,

Seth Rowe



Mar 12 '07 #22

P: n/a

thank you michel ... very informative.

"Michel Posseth [MCP]" <MS**@posseth.comwrote in message
news:eK*************@TK2MSFTNGP03.phx.gbl...
>
This isn`t the first time that this is discussed here , as i mentioned in
my previous post

You have another definition of data security as i do
Ofcourse if we are talking about perfomance wit lots amounts of data , and
about Data integrity SQL wins this from Access ( maybe depending on the
progger but that is a different discussion )

but i mean this scenario

I was once a Automotive catalogue programmer with a user base of 20.000 +
users throughout europe , the money was in the relations from cars to the
correct fitting parts we had 20 automotive specialists ( with mechanics
skills ) who did nothing else on daily basis as finding out if the part
would fit on a specific car make and modell .

So this was the value of our program , a car drives in the car shop for a
maintenance service , the mechanic starts our program , and enters the
license plate number
the program now searched in the database and finds the correct make and
modell of the car , the user confirms this and selects the type of
maintenance he wants to do, the program searches again in the database
and finds the corrrect parts to be fit on the car and the estimated repair
times .

The Car shop can inmediatly tell the cutomer what the repair will cost ,
and can plan in the repair time in his shop

So as you see the value of the program is in the data , we made this data
and it was our property

If we would have used Anny RDBMS ( SQL server , Firebird etc etc etc etc )
our concurent software vendors could just get themselves a copy of our
program
and steall our data by loging on at the system as a administrator .

Believe me when i say that all of these systems the security was easy
breakable this was really a mather of minutes if you had admin rights on
the local system and if you didn`t, you just copied the dB to your own
system and atached it there to your own server and you are granted full
acces

With Access and a custom workgroup file you can really protect the
database from people seeing ( stealing ) the data as how it is stored in
the database
when you say heavy modified ,, well i do not concur this is just a simple
step to acomplish ACCESS has even a builtin wizzard to acomplish this task
, so i call it a pretty standard feature of Access

look here for more info :
http://office.microsoft.com/en-us/ac...546941033.aspx

But as i said above and before MS has now a valid alternative with there
embedded SQL product ( i believe that it was called sqlanywhere ) wich
does provide a feature to encrypt the database

For more info Buy the latest e-book of Bill Vaughn , or search on MSDN

And about the multi user thingy , we have once released our product on a
server farm with 600 users ( Citrix ) and it ran without anny problems
untill the day of today ( now 4 years ago ) the product was written in
VB6 so it is just a mather how you write your proggy
regards

Michel


"rowe_newsgroups" <ro********@yahoo.comschreef in bericht
news:11**********************@c51g2000cwc.googlegr oups.com...
>>ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

I'm guessing you mean you have a heavily modified Access database and
aren't using the "out of the box" Access. If so that is a completely
different scenerio. In my post I assumed (albeit possibly incorrectly)
that the OP was looking to use the standard Access database password
protection and was expecting it to protect his data. I'm sure you can
agree that this is not a secure setup (after all if it was what would
the script-kiddies do?), and as far as standard password protections
Sql Server would win.

Like in all situations, the developer needs balance performance, ease
of use, cost, scalability, and who knows how many other factors before
making a decision.

Thanks,

Seth Rowe
On Mar 10, 4:30 am, "Michel Posseth [MCP]" <M...@posseth.comwrote:
>>I see a lot of responses here from people telling you that MSSQL is far
superior in security as Access

Well maybe they should have first asked what is your goal , cause if it
is
security of data in the context of you that don`t want a user to see the
data in the database
ACCESS isn`t so bad at all and for the people claiming it can be broken
in 2
minutes wel i dare to challenge you , i have a database made in access
and
if you break it in a week i would give you a guru status do you dare to
pick up the glove ??

Well okay i am going to ruin the contest by telling you how ( what if i
did
not give you this info ) but even then i still am confident that you
can`t
open the DB in minutes it will probaly take you a few days and in depth
knowledge of Access plus the fact that lots of data wil remain rubish
for
you ( so 100% retrievel is impossible i believe )

the Buzz is Workgroup file with a custom encryption key with Access you
can
use workgroup files and so delete the standard Admin and user accounts
and
thus add your own in this workgroup file you can optionally include an
encyption scheme ( 256 bits ) so you end up with a secured encrypted
database who nobody besides you ( or your program ) can open

In contradiction SQL server and for a fact anny real RDBMS has it`s
security
on file system level wich means that a system administrator can always
see
the content of the database after mentioning this a few times in the
newsgroups and after manny manny discussions about the usage of data
level
protection here in the newsgroups i remember some nice threads with Bill
Vaughn covering this topick MS has decided to implement data level
security in it`s new SQL anywhere product how this exactly works can be
found on MSDN and in Bill`s Book

However this is the first version that is a true replacement of the
Access
Data level protection scheme

HTH

Michel Posseth [MCP]

<teeja...@gmail.comschreef in
berichtnews:11**********************@t69g2000cwt .googlegroups.com...

Hi,

I am new to programming with databases and was wanting some help.

Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?

Any help would be much appreciated.

Thanks in advanced.

Tom.


Mar 12 '07 #23

This discussion thread is closed

Replies have been disabled for this discussion.