[AccessD] Transactions

Gustav Brock Gustav at cactus.dk
Fri Sep 7 05:13:40 CDT 2007


Hi Arthur

Yes, a simple but extremely efficient method is to encrypt at the field level. Then, even with access to the tables, no information can be read.
I've used that for mdb files sent over the Internet thus eliminating the need for VPN or encrypted mail.

Here's the header info:

' PC1 Cipher 128-bit key
' (c) Alexander Pukall 1991
' Can be used freely even for commercial applications
'
' MS Access 97 version by
' Gustav Brock, Cactus Data ApS
' gustav at cactus.dk 
'
' 2002-03-09. V1.0
'   Initial port from Visual Basic.
' 2002-06-23. V1.1
'   Code clean up and constants added.
'   Redundant code removed.
'   Modified to fully comply with VB datatypes.
'   Modified to not crash for certain passwords.
'   Modified for high speed conversion of long strings ( > 32K).
' 2002-06-24. V1.2
'   Functions added for en/decrypting to/from binary strings.

' Usage:
'   SetPassword(password) sets password prior to en/decryption.
'   GetPassword() retrieves current password.
'   StrEncrypt(DecryptedString) returns encrypted ascii string.
'   StrDecrypt(EncryptedString_ascii) returns decrypted string.
'   StrEncryptBin(DecryptedString) returns encrypted binary string.
'   StrDecryptBin(EncryptedString_binary) returns decrypted string.
'
' Encrypted ascii string is twice the length of the decrypted string.
' Encrypted ascii string contains low ascii chars from a to p only.
' Encrypted binary string is same length as the decrypted string.
' Encrypted binary string may contain any char including Chr(0).
' Password may contain any ascii char including Chr(0).
' Password is maintained in global variable strPC1Password16.

I've posted the full module previously:

http://databaseadvisors.com/pipermail/dba-tech/2005-February/003711.html 

/gustav


>>> fuller.artful at gmail.com 07-09-2007 11:23 >>>
This would appear to be an appropriate thread in which to present my
question, rather than beginning a new thread. The app I have just developed
is for a very small market niche (in fact, so far as I have determined, said
niche contains only one competitor, and my client is so unhappy with said
competitor's product that she commissioned me to write a replacement). All
that aside, there is the issue of credit cards.

It's simple enough to mask the content of the credit card column so that
only the last four numbers show, but the data is still there, naked as it
were, and subject to the aforementioned "link tables" attack. This app uses
an MDB as its back end (so far). I know what to do if the BE is SQL Server
(encrypt the column), but I am not sure what to do in the case of an MDB BE.
The firm's accountant is concerned with this data being potentially
available to leakage (either a disgruntled employee or an internet
penetration). Perhaps a code algorithm to scramble and unscramble the
numbers will suffice. I'm not sure. Any thoughts from the esteemed
readership here?

A.






More information about the AccessD mailing list