[AccessD] Security & encryption (cross posted to accessd & dba-sql)

Gustav Brock Gustav at cactus.dk
Tue May 10 04:54:03 CDT 2005


Hi Roz

A simple but extremely efficient method is to encrypt at the field
level. Then, even with access to the tables, no information can be
read.
I've used that for mdb files sent over the Internet thus eliminating
the need for VPN or encrypted mail.

Here's the header info:

' PC1 Cipher 128-bit key
' (c) Alexander Pukall 1991
' Can be used freely even for commercial applications
'
' MS Access 97 version by
' Gustav Brock, Cactus Data ApS
' gustav at cactus.dk 
'
' 2002-03-09. V1.0
'   Initial port from Visual Basic.
' 2002-06-23. V1.1
'   Code clean up and constants added.
'   Redundant code removed.
'   Modified to fully comply with VB datatypes.
'   Modified to not crash for certain passwords.
'   Modified for high speed conversion of long strings ( > 32K).
' 2002-06-24. V1.2
'   Functions added for en/decrypting to/from binary strings.

' Usage:
'   SetPassword(password) sets password prior to en/decryption.
'   GetPassword() retrieves current password.
'   StrEncrypt(DecryptedString) returns encrypted ascii string.
'   StrDecrypt(EncryptedString_ascii) returns decrypted string.
'   StrEncryptBin(DecryptedString) returns encrypted binary string.
'   StrDecryptBin(EncryptedString_binary) returns decrypted string.
'
' Encrypted ascii string is twice the length of the decrypted string.
' Encrypted ascii string contains low ascii chars from a to p only.
' Encrypted binary string is same length as the decrypted string.
' Encrypted binary string may contain any char including Chr(0).
' Password may contain any ascii char including Chr(0).
' Password is maintained in global variable strPC1Password16.

You may be able to persuade me to change the header to justify
management to spend some money!

/gustav

>>> roz.clarke at donnslaw.co.uk 05/10 11:04 am >>>
Hi all

This may or may not be slightly OT... We have been asked by our HR
department whether it's possible for us to build a storage facility
for
confidential data (such as salary information), that is encrypted and
that
neither we nor the network administrators could get into once it's
gone
live. Ideally it would be integrated with their current application
which is
Access 2002 FE / SQL Server 7.0 BE.

How do I build an encrypted database that I can then lock myself out
of
completely?! Without locking everyone else out too (that I've done
before). 

Management are willing to spend some money if necessary.

TIA

Roz



More information about the AccessD mailing list