How to encrypt back end database table containing user passwords information

Ihsang

I have a multiuser-based Access database, split into front end and back end. The back end database is on the network and password protected.
But this password protection is not strong in MS Office; I know it can be unprotected with very little effort.

My concern is that this table contains sensitive user data like passwords etc. Though they are masked with asterisks, they can be seen by exporting the table into a file.
There are other methods to encrypt table data into some other characters like "v9[&^tv{9{w||v7" etc.
I saw some professional databases in which the client database is made like this.
I don't know how to do this. I want users' sensitive information to be protected, so that the information in the table containing passwords can never be seen by any third party.

I need help please. Thanks
Below is an example table, which is part of a management system that has two databases at the same time: 1) a main database for all records, 2) a client profile database.
The concept for this is probably that the client cannot change his profile info or resell under another name, etc.

See how the client profile data is hidden with some codes. I don't know how this is done. I want to apply it to the password table in my case.
1599261038446.png
 

theDBguy

Hi. Not sure I understood your question. But if you're asking how to securely store users' passwords, then I would say to use a hashing function to convert those passwords into hashes. That's the usual approach when dealing with passwords.
 

plog

The way you do this is by reading up on encryption. Short story--you add an encryption/decryption function to a module and you run all your data through that function when you want to use it in the database.

Hashing is one way encryption--data goes in, but doesn't come out. You need an actual encryption/decryption function that allows you to take the jumble of letters you see and convert it back to real data a human can use.

Here's a good start using VBA:

 

CJ_London

You need a function in the front end to encrypt your data before saving and another to decrypt it when retrieving data. It depends on your version of Access, but from 2007 onwards, password protection is very strong (but ultimately can be broken with enough time and resource) - that strength does not apply to the other Office products. However, there is still a weakness in the front end where the password can be found in clear text if you know where to look. That same 'knowing where to look' also applies to being able to find and use your decryption function.

The issue is not really about encryption, it is about decryption. One-way encryption (known as hashing) is frequently used for passwords which do not need to be decrypted. Say a user's password is 'aVcd1' which encrypts to 'v9[&^tv{9{w||v7'. To check the password is valid, a user enters the password, which is then encrypted and compared with the stored value of v9[&^tv{9{w||v7 - if an exact match, the password is OK. There is no means you can decrypt the stored value from the original value.

As you can see, that won't work if you want someone's address, hence the need for a decryption routine.

So you store employee addresses in a table and you want to protect the data. You decide to password protect the file and encrypt the data. So who is that data protected from? Answer: it's protected from someone copying the back end file who knows the password, so once they open the file all they see is nonsense.

Who is that data not protected from? Answer: anyone who can open the front end file, who can copy/paste, export tables/queries, take screenshots, etc. To limit that possibility, perhaps you disable copy/paste, disable the ability to take screenshots or, through forms, limit the ability to search. At an extreme, remove all pen/paper/mobile phone cameras.

So you need to develop a data security risk strategy and be very clear about what you want to protect, from whom and by what methods.
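
The hash-and-compare check described in this thread, shown as an added example that is not part of any post and not Access/VBA code: Python is used only to illustrate the scheme, with a per-user random salt and PBKDF2 so that an exported table reveals no passwords. The function names, the in-memory stand-in for the back-end table, and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this example)

def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt_hex, hash_hex): the two columns stored instead of the password."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex(), digest.hex()

def verify_password(password: str, salt_hex: str, hash_hex: str) -> bool:
    """Re-hash the entered password with the stored salt; compare in constant time."""
    _, candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, hash_hex)

def build_user_table(accounts: dict) -> dict:
    """Constructed stand-in for the back-end user table: login -> (salt, hash)."""
    return {name: hash_password(pw) for name, pw in accounts.items()}

def login(table: dict, name: str, password: str) -> bool:
    """Look up the stored row and check the entered password against it."""
    row = table.get(name)
    if row is None:
        return False
    return verify_password(password, *row)

if __name__ == "__main__":
    # Constructed sample accounts; both users share the password from the thread.
    table = build_user_table({"alice": "aVcd1", "bob": "aVcd1"})
    for name, (salt_hex, hash_hex) in table.items():
        # This is everything an export of the table would reveal.
        print(name, salt_hex, hash_hex)
    print("correct password:", login(table, "alice", "aVcd1"))
    print("wrong password:  ", login(table, "alice", "avcd1"))
```

Because each row has its own salt, two users with the same password get different stored values, so the table does not show who shares a password.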
 
