Encrypting an .mdb file

[dmay]

Could someone explain what the encrypt/decript menu item
does in Access. Does it encrypt table data so someone
opening the encrypted database with Access would not be
able to read the data unless they had Admin privledges...
or does it have no affect on someone opening the database
with Access. I looks like it only works for someone trying
to read the .mdb with a text processor... is this true. Is
there any way to encrypt the table data. I know very
little about encryption so any info would be appreciated.
Thanks

 

[Rick Brandt]

Could someone explain what the encrypt/decript menu item
does in Access. Does it encrypt table data so someone
opening the encrypted database with Access would not be
able to read the data unless they had Admin privledges...
or does it have no affect on someone opening the database
with Access. I looks like it only works for someone trying
to read the .mdb with a text processor... is this true. Is
there any way to encrypt the table data. I know very
little about encryption so any info would be appreciated.
Thanks

As I understand it, it doesn't have any affect when the file is opened in
Access. It is to prevent people from viewing the file with Notepad or a
simple hex editor program.

 

[Bruce M. Thompson]

Could someone explain what the encrypt/decript menu item

does in Access. Does it encrypt table data so someone
opening the encrypted database with Access would not be
able to read the data unless they had Admin privledges...
or does it have no affect on someone opening the database
with Access. I looks like it only works for someone trying
to read the .mdb with a text processor... is this true. Is
there any way to encrypt the table data. I know very
little about encryption so any info would be appreciated.
Thanks

As Rick notes in his response, database encryption only makes it difficult to
read data using an ascii file reader, such as notepad or a word processor, or a
hex editor. Database encryption is normally done when you implement Access
user-level security so that the data cannot be read by unauthorized users from
either Access or the ascii file approach. It does, however, tend to cause a
performance hit due to the time required to decrypt from within Access.

Access user-level security (combined with encryption, as noted above) is the
usual method used when you need to deter unauthorized access to data (it's not
perfect, but is sufficient for most applications). For more information about
that approach, you can read/acquire the Access Security FAQ at
http://support.microsoft.com/default.aspx?kbid=207793.

There are also code algorithms, such as "blowfish" that are extremely effective
and require some advanced knowledge of VBA. You can check out the following:

http://www.di-mgt.com.au/crypto.html

You can also go to http://www.planetsourcecode.com/ and do a "Quick Search" at
the top of the page for "Blowfish" in language "Visual Basic". It is my
understanding that many of the available Blowfish implementations work in
VBA/Access although I do not have first-hand experience with this.

 

[TC]

Adding to what Bruce said:

If Access encryption is enabled, Access (really, Jet) encrypts each 2kb page
of information as it is written to the mdb file, and decrypts each 2kb page
of information as it is read back from the mdb file. (I say "information",
because the page might contain table data, index data, program code, or
anything else that is stored within the mdb file.) The encryption/decryption
is performed automatically, "on the fly". Jet does not create a temporary
decrypted copy of the mdb file, for example.

The difference with extenal encryption products (eg. Blowfish written in
VBA), is that you can not get the encryption/decryption process to happen
"on the fly". You would have to take the Blowfish-encrypted copy of the mdb
file; decrypt it into a temporary "working" file; use that "working" file
with Access; then finally, get all the users out of the "working" file;
close the "working" file; create a new encrypted copy of the "working" file
then delete the unencrypted "working" file.

So there are many points where the process falls down (from a crypto
viewpoint), if you try to use other products to encrypt an Access database

during normal running operation<.

If you only want to encrypt it for the purpose of transmitting it to someone
else, the easiest way is probably to get a VBA implementation of RC4 - often
called ARCFOUR (for trademark infringement reasons), & encrypt it with that.
Then send it on, & the other person can decrypt it using the same VBA code,
and the encryption key that you supply. RC4 is one of the algorithms used by
Jet internally. However, if you use your own encryption key (when you
encrypt the mdb file seperately), it can not be decrypted using the normal
Access decription option, because that option uses different keys.

HTH,
TC