How to prevent stealing data from MS Access?

[Mike]

Hi,

If protect MS Access with password it doesn't mean to much. On
internet, we can find plenty tools for opening forgotten passwords
etc.

I have a small aplication wit large amount of data and I can not begin
with selling process with protection like that.

Is there some solution of problem and how I can protect my data???
or
How I can give MS Access data someone to use it, but without
possibilties to steal data.

Thanks in advance.

Mike

 

[Baz]

You can't get industrial strength security in Access, and I understand that
Access workgroup-based security has been completely removed from Access
2007.

To get decent security you are going to have to use SQL Server as your
database engine.

However, it's pretty difficult to stop people stealing your data whatever
security you use: people need to have access to the data in order to use the
system (otherwise what's the point?) so if they can access the data they can
steal it. Using SQL Server you could restrict user permissions to stored
procedures only, but this implies that you will need to use unbound forms,
in which case there's little point in using Access at all (unless you are
going to use an ADP, bu that's a whole other can of worms).

 

[Scott McDaniel]

You can't get industrial strength security in Access, and I understand that
Access workgroup-based security has been completely removed from Access
2007.

To get decent security you are going to have to use SQL Server as your
database engine.

I don't know that you HAVE to use SQL Server ... there are plenty of other database engines out there which are secure
as well. That said, SQL Server Express would certainly be a good suggestion for a small number of users.

Here's a listing of Open Source database:
http://www.geocities.com/mailsoftware42/db/

There's also SQLite: www.sqlite.com.

If you want to stick with Access, you could build routines that encrypt/decrypt the data as it goes into and out of the
database ... this would mean that you would actually store encrypted data (so anyone opening the file or linking to it
would see gibberish), but your program would decrypt it and display it. This means moving to a fully unbound
application, of course, and would certainly cause a performance decrease.

However, it's pretty difficult to stop people stealing your data whatever
security you use: people need to have access to the data in order to use the
system (otherwise what's the point?) so if they can access the data they can
steal it. Using SQL Server you could restrict user permissions to stored
procedures only, but this implies that you will need to use unbound forms,
in which case there's little point in using Access at all (unless you are
going to use an ADP, bu that's a whole other can of worms).

Scott McDaniel
scott@takemeout_infotrakker.com
www.infotrakker.com

 

[Mike Mueller]

I was thinking the same things, either SQL Express or routines to
encrypt/decrypt data on the fly.

Currently one of my employers is encrypting the databases we distribute, as
we have had data theft in the past. As ours runs on a subscription and time
limited basis, the 'freshness' date is a portion of the key, so last months
won't work this month and vice versa