PC Review



access back end needs to be secure

 
 
Jesse Aufiero
Guest
Posts: n/a
 
      28th Jun 2005
I intend to use an access file as the backend for my very data-driven vb.net
application. I need to secure this file so that it can only be accessed by a
user through the vb.net front end. How can I secure the mdb file so that no
one can look at it thru the 'back door'?

Thanks!


 
 
 
 
 
Phillip (formerly "theriaup")
Guest
Posts: n/a
 
      29th Jun 2005
Generally, if you can get in through the front-end you can also get in
through the back-end.

First read the Access Security FAQ at
http://support.microsoft.com/support...ent/secfaq.asp to learn how
to secure your database.

If you give users a login/password to access the system, anyone with the
know-how could log into the Access database directly. If you just hard-code
the login/password into the application, it can be cracked to find the string
where you store it and then they could still get in.

The best solution would be to follow the steps in the FAQ, create a new
group with minimal rights, and create users for that group that have a
login/password you can give out to whoever needs it. You can prevent those
users from having design permissions inside the database, but they'll still
be able to see the data (again, only if they know how to get into a secured
Access database).
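The point in the reply above about a hard-coded login/password can be checked against your own build before it ships. This is an added example, not code from anyone in the thread: a Python scan of a compiled front end for OLE DB/Jet connection-string passwords, in ASCII and in UTF-16LE (the encoding .NET uses for string literals). The function names and the sample bytes are constructed for illustration.

```python
import re

# Connection-string keys that carry a secret. "Jet OLEDB:Database Password"
# is the Jet provider's database-password key; "Password"/"Pwd" carry the
# workgroup (user-level security) password.
SECRET_KEYS = ("Jet OLEDB:Database Password", "Password", "Pwd")

_KEY_RE = re.compile(
    r"(?:^|;)\s*(" + "|".join(re.escape(k) for k in SECRET_KEYS)
    + r")\s*=\s*([^;]*)",
    re.IGNORECASE,
)


def _strings(blob, min_len=6):
    """Yield (encoding, text) for printable runs in a binary blob.

    .NET assemblies keep string literals as UTF-16LE, so an ASCII-only
    scan would miss a connection string embedded in VB.NET code.
    """
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield "ascii", m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        yield "utf-16le", m.group().decode("utf-16le")


def find_embedded_secrets(blob):
    """Return a sorted list of (encoding, key, value) for each non-empty
    password value found in a connection string inside the blob."""
    hits = set()
    for enc, text in _strings(blob):
        for m in _KEY_RE.finditer(text):
            value = m.group(2).strip().strip("'\"")
            if value:  # "Password=;" means nothing is embedded
                hits.add((enc, m.group(1), value))
    return sorted(hits)


def build_sample():
    """Constructed stand-in for a compiled front end (not a real assembly)."""
    conn = ("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=data.mdb;"
            "Jet OLEDB:Database Password=CONSTRUCTED-pw-1;")
    workgroup = "User ID=appuser;Password=CONSTRUCTED-pw-2;"
    return (b"MZ\x90\x00\x03" + b"\x00\x01\xfe" * 8
            + conn.encode("utf-16le") + b"\x00\x00\x01\x02"
            + workgroup.encode("ascii") + b"\x00\xff")


if __name__ == "__main__":
    for enc, key, value in find_embedded_secrets(build_sample()):
        # Report the key and length only; do not echo the secret into logs.
        print(f"{enc:9} {key!r}: embedded value of {len(value)} chars")
```

Any hit means the credential ships with the executable, so everyone who has the front end also holds the back-end login.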
 
Jesse Aufiero
Guest
Posts: n/a
 
      30th Jun 2005
Can you suggest an alternative to Access that is more secure?
 
Immanuel Sibero
Guest
Posts: n/a
 
      30th Jun 2005

Jesse,

You can try MSDE or SQL Server Express (free download from MS).

Immanuel Sibero
 
Jesse Aufiero
Guest
Posts: n/a
 
      30th Jun 2005
I thought you might say that. I tried MSDE (I'm developing for version 1.1
of the .Net frmwrk) and had a number of problems installing it. It made me
wonder 'if I can't install it on my own machine manually, how will I deploy
it with my application!'.
 
Immanuel Sibero
Guest
Posts: n/a
 
      30th Jun 2005

> of the .Net frmwrk) and had a number of problems installing it. It made me
> wonder 'if I can't install it on my own machine manually, how will I deploy
> it with my application!'.

Agreed. It's not the easiest. I think MS has a whole slew of information
(articles, documentation, etc.) on embedding MSDE/SQLExpress within your
application. Personally, I have installed MSDE manually (painfully, as you
mentioned), but have never deployed it as part of an app.


Immanuel Sibero
 
Jesse Aufiero
Guest
Posts: n/a
 
      30th Jun 2005
MSDE seems like overkill anyway. The database size will not be large and
the sql stmnts will be relatively simple.

Access is a good solution in all respects except one: it doesn't seem secure
enough. There's got to be a way to store data outside my vb.net
application, query that data from my app, write data to that data source
from my app, and prevent hackers from accessing that data source directly.
 
Rick Brandt
Guest
Posts: n/a
 
      30th Jun 2005
Jesse Aufiero wrote:
> MSDE seems like overkill anyway. The database size will not be large
> and the sql stmnts will be relatively simple.
>
> Access is a good solution in all respects except one: it doesn't seem
> secure enough. There's got to be a way to store data outside my
> vb.net application, query that data from my app, write data to that
> data source from my app, and prevent hackers from accessing that data
> source directly.


My standard advice... If the data needs to be secured from "users" then it
should not be in an MDB file.

Is this an app being run on a corporate network? If so SQL Server or MSDE
is not "overkill". What are the data security needs concerning the users of
the app? Whose data is it?

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com


 
 
Immanuel Sibero
Guest
Posts: n/a
 
      30th Jun 2005
Jesse,

As long as you're considering standard commercial data format (i.e. mdb,
dbf, etc.), there's probably always going to be a back way.
Have you looked into encryption? I would think this might give you a whole
host of possibilities that would suit your need. You could encrypt the data,
the file, or both.

Immanuel Sibero
 
Jesse Aufiero
Guest
Posts: n/a
 
      1st Jul 2005
Access encryption is only as secure as the database password, no? If the
database password is cracked, encryption doesn't help much, isn't that the
way it works in Access?

If you're referring to some other kinds of encryption, I'm all ears as to
what they are. Are there methods outside of what Access provides that may
help me here?