 |
|
| Computers Forum Index » Computer - Databases - MS Access » Securing data... |
|
Page 1 of 1 |
|
| Author |
Message |
| Finn Stampe Mikkelsen... |
 Posted: Thu Nov 05, 2009 6:15 am |
|
|
|
Guest
|
Hi
Is there anyway to prevent an accdb from being opened in Access or any other
application, other than the one it's intended for??
I know i can password protect the file, but that is almost a joke, since i
can download 1000 different tools that recover that password for anyone to
use. Encryption seem also not to be the answer, since access still can open
the darn thing..
All i want is for tha database not to be able to opened other than with the
C# appz i'm coding to use it... It that possible or do i have to use my own
data encryption and leave the file open to look at the garble-de-gook of
encrypted data left in the file, only my appz can decrypt before use...
/Finn
--
Der er 10 slags mennesker - Dem som forstår binær og dem som ikke gør.
There are 10 kinds of people. Those who understand binary and those who
don't.
Es gibt 10 Arten von Menschen. Die, die Binär verstehen, bzw. die, die es
nicht tuhen. |
|
|
| Back to top |
|
|
|
| Tom van Stiphout... |
| Posted: Thu Nov 05, 2009 6:15 am |
|
|
|
Guest
|
On Thu, 5 Nov 2009 02:59:59 +0100, "Finn Stampe Mikkelsen"
<stampe at (no spam) city.dk> wrote:
It depends on how strong you want that protection to be. In one case I
wrote an AutoExec macro in the back-end database, with a:
Msgbox "Yo! You shouldn't be here. This db is only for use with the
XYZ app"
DoCmd.Quit
and that helped a lot. But it's not foolproof, of course.
Also, in many jurisdictions the data belongs to the owner/licensee of
the app, and you as the manufacturer of the app do not have the right
to make that data unavailable.
-Tom.
Microsoft Access MVP
Quote: Hi
Is there anyway to prevent an accdb from being opened in Access or any other
application, other than the one it's intended for??
I know i can password protect the file, but that is almost a joke, since i
can download 1000 different tools that recover that password for anyone to
use. Encryption seem also not to be the answer, since access still can open
the darn thing..
All i want is for tha database not to be able to opened other than with the
C# appz i'm coding to use it... It that possible or do i have to use my own
data encryption and leave the file open to look at the garble-de-gook of
encrypted data left in the file, only my appz can decrypt before use...
/Finn |
|
|
| Back to top |
|
|
|
| The Frog... |
| Posted: Thu Nov 05, 2009 9:26 am |
|
|
|
Guest
|
If you are looking for data to be secured from people with malicious
intent then you could always introduce a cryptographic function to
encrypt the data so that it can only be 'read' from your application.
Simple XOR shifting might even be enough to deter casual snoopers -
although a programmer would probably get through that in under 60
seconds. The more capable the advesary or the greater the risk the
stronger you need to protect your data.
As Tom says, it really depends on what you are trying to do.
The Frog |
|
|
| Back to top |
|
|
|
| Finn Stampe Mikkelsen... |
| Posted: Thu Nov 05, 2009 2:56 pm |
|
|
|
Guest
|
Quote: On Thu, 5 Nov 2009 02:59:59 +0100, "Finn Stampe Mikkelsen"
stampe at (no spam) city.dk> wrote:
It depends on how strong you want that protection to be. In one case I
wrote an AutoExec macro in the back-end database, with a:
Msgbox "Yo! You shouldn't be here. This db is only for use with the
XYZ app"
DoCmd.Quit
and that helped a lot. But it's not foolproof, of course.
Also, in many jurisdictions the data belongs to the owner/licensee of
the app, and you as the manufacturer of the app do not have the right
to make that data unavailable.
The copyright of the is mine, would i therefore not be the owner of supplied
data with the app?? I can se how data created with the app could be the
owner/licensee, but data supplied with the program (ergo not
compiled/created by the owner) should not be covered by that...
What i want to prevent, is actually that the data supplied by the copyright
holder, is not used as basis for another program doing essential the same
thing. I could password protect the data, but that has no value. 10 seconds
and that password is broken..
So i need to do it another way and my advisary would be a programmer. it
sounds like i need to do a data encryption algorythm to encrypt the data.
..NET provides great classes for that, but i wondered if there where an
already inplace security i could have used instead..
/Finn |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Fri Nov 06, 2009 1:30 am |
|
|
|
Guest
|
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af2a131$0$271$14726298 at (no spam) news.sunsite.dk:
Quote: The copyright of the is mine, would i therefore not be the owner
of supplied data with the app??
Depends on what you mean by "supplied data." We generally don't
consider forms/reports/modules/macros to be "data".
Basically, if it's in the back end, it belongs to the client.
If it's in the front end, it belongs to the developer.
Obviously there can be exceptions to that, but the principle is
pretty clear -- the contents of the data tables belong to the
client.
Now, if you're using metatdata stored in tables to drive your app,
then that would belong to you, but I'd question why that would be in
the back end and not the front end (e.g., the switchboard table is
always in the front end, given that changes to it are specific to
the application part of the app). If you have data tables that you
are supplying to the client and that drive your app, then I'd say
those data tables belong in the front end.
But if the client is adding data to those tables or altering the
existing data, that transforms the situation into something much
foggier. However, I'd say that scenario sounds like a design error.
In the abstract, it's very difficult to come up with a principle
that covers all cases, but the law in the US is very explicit that
data belongs to the people who created it and copyright in the
application to the programmer. And both of those default assumptions
can be overridden by a contract that sets different terms.
Quote: I can se how data created with the app could be the
owner/licensee, but data supplied with the program (ergo not
compiled/created by the owner) should not be covered by that...
You're confusing copyright and ownership. Data cannot be
copyrighted, but it can be owned.
The data your customers insert into the tables behind your app is
their data. You have no legal or moral right to prevent them from
using it in any way they see fit. That doesn't mean you have to
support it, just that's it will get you in legal trouble if you try
to lock them out of their own data.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| Finn Stampe Mikkelsen... |
| Posted: Fri Nov 06, 2009 2:00 am |
|
|
|
Guest
|
"David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> skrev i meddelelsen
news:Xns9CBA9C9C8A72Df99a49ed1d0c49c5bbb2 at (no spam) 74.209.136.97...
Quote: "Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af2a131$0$271$14726298 at (no spam) news.sunsite.dk:
The copyright of the is mine, would i therefore not be the owner
of supplied data with the app??
Depends on what you mean by "supplied data." We generally don't
consider forms/reports/modules/macros to be "data".
The data your customers insert into the tables behind your app is
their data. You have no legal or moral right to prevent them from
using it in any way they see fit. That doesn't mean you have to
support it, just that's it will get you in legal trouble if you try
to lock them out of their own data.
To specify the situation...:
I have a database app, that presents pre-excisting data to a user. This data
is supplied with the app and is not ment for the user to edit. Alongside
this data, there is another database containing the user own additions to
the data.
What i wanted to encrypt was the data supplied with the app, to prevent
someone from using this data to create there own app, with similar
functionallity...
Real life example.. Picture a digital phone directory, with the option to
add comments in the seperate database to every directory entry. The data i
want to encrypt is the actual directory supplied with the program. i
could'nt really care less about the data created by the user..
Wether the data is in front-end or back end i have no idea of what you talk
about. Those concepts, datawise, are unfamiliar to me...
Besides that, this debate is off-topic in relation to the original posting,
concerning built-in ways to secure data in an accdb file. It seems not to be
a feature available...
/Finn |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Fri Nov 06, 2009 6:15 am |
|
|
|
Guest
|
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af33cef$0$277$14726298 at (no spam) news.sunsite.dk:
Quote: "David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> skrev i
meddelelsen
news:Xns9CBA9C9C8A72Df99a49ed1d0c49c5bbb2 at (no spam) 74.209.136.97...
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af2a131$0$271$14726298 at (no spam) news.sunsite.dk:
The copyright of the is mine, would i therefore not be the owner
of supplied data with the app??
Depends on what you mean by "supplied data." We generally don't
consider forms/reports/modules/macros to be "data".
The data your customers insert into the tables behind your app is
their data. You have no legal or moral right to prevent them from
using it in any way they see fit. That doesn't mean you have to
support it, just that's it will get you in legal trouble if you
try to lock them out of their own data.
To specify the situation...:
I have a database app, that presents pre-excisting data to a user.
This data is supplied with the app and is not ment for the user to
edit. Alongside this data, there is another database containing
the user own additions to the data.
Are these different data tables? What's the purpose of this data?
Does it like to the users' data?
Quote: What i wanted to encrypt was the data supplied with the app, to
prevent someone from using this data to create there own app, with
similar functionallity...
Oh, boo hoo. What makes you think your precious data is so fabulous
that somebody would want to "steal" it?
Or that somebody who knows what they are doing can't just look at
your app and recreate the data and the functionality just by
understanding what your app does?
Quote: Real life example.. Picture a digital phone directory, with the
option to add comments in the seperate database to every directory
entry. The data i want to encrypt is the actual directory supplied
with the program. i could'nt really care less about the data
created by the user..
Data cannot be copyrighted, so you don't have copyright on the data.
That's why so many reference databases are locked behind pay
firewalls, because once it's out, it's legal for anyone to use it.
Quote: Wether the data is in front-end or back end i have no idea of what
you talk about. Those concepts, datawise, are unfamiliar to me...
Then you must be a novice Access programmer. No properly designed
Access app puts the data tables and all the forms/reports/etc. into
a single file. Instead, the user interface objects are in the
front-end file and the data tables in a separate file, which the
front end links to.
This is bog standard structure for Access apps and always has been
(or, at least, as long as Access has offered linked tables, which
certainly predate Access 2.0).
Aside from the practical reasons for splitting the app, it's
logical, as the application part of your app is separated from the
data on which it operates.
In your case, the pre-supplied data might be better stored as part
of the application, or in a separate back-end data file (assuming
you're not enforcing RI between "your" data and your clients' data).
Quote: Besides that, this debate is off-topic in relation to the original
posting, concerning built-in ways to secure data in an accdb file.
It seems not to be a feature available...
There is no encryption built into Access.
But if you need encryption, I don't think you should be using an
ACCDB to store your data.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| Finn Stampe Mikkelsen... |
| Posted: Fri Nov 06, 2009 6:15 am |
|
|
|
Guest
|
"David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> skrev i meddelelsen
news:Xns9CBAD16A2770Ef99a49ed1d0c49c5bbb2 at (no spam) 74.209.136.90...
Quote: "Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
To specify the situation...:
I have a database app, that presents pre-excisting data to a user.
This data is supplied with the app and is not ment for the user to
edit. Alongside this data, there is another database containing
the user own additions to the data.
Are these different data tables? What's the purpose of this data?
Does it like to the users' data?
The app has not yet been programmed and is planned to be written in C# when
done. The data can be in different tables or in seperate databases. Makes no
difference to the application in the end..
The purpose of the data is as basis for a lookup. See it as a phonebook. It
is not actually a phonebook, but similar. The data the user could add, could
either be additional data to the records in the supplied data or complete
records to enhance the data that can be accessed.
Either way, the initial data needs to be compiled an that takes a lot of
time so i would not like others to just be able to use that data raw with
other apps. I really can't se how this in anyway could be illegal..
Quote:
What i wanted to encrypt was the data supplied with the app, to
prevent someone from using this data to create there own app, with
similar functionallity...
Oh, boo hoo. What makes you think your precious data is so fabulous
that somebody would want to "steal" it?
What kind of attitude is that. If you had a collection of data you had
assembled, would you not like to protect it. Anyway, since the application
would potentially be used by many, it would be subject to hacking. I really
don't think i need to justify this to you or any other.
Quote:
Or that somebody who knows what they are doing can't just look at
your app and recreate the data and the functionality just by
understanding what your app does?
Real life example.. Picture a digital phone directory, with the
option to add comments in the seperate database to every directory
entry. The data i want to encrypt is the actual directory supplied
with the program. i could'nt really care less about the data
created by the user..
Data cannot be copyrighted, so you don't have copyright on the data.
That's why so many reference databases are locked behind pay
firewalls, because once it's out, it's legal for anyone to use it.
Ï'm quite sure that you are correct as far as the use is restricted to the
app to which it is supplied. I don't think i can rip just any data supplied
with any software and use it for my own purpose and i am sure, that if i
used that data to create a clone app with similar functions and thereby try
to steal the market of the company that released the first app, that would
not be legal..
Quote:
Wether the data is in front-end or back end i have no idea of what
you talk about. Those concepts, datawise, are unfamiliar to me...
Then you must be a novice Access programmer. No properly designed
Access app puts the data tables and all the forms/reports/etc. into
a single file. Instead, the user interface objects are in the
front-end file and the data tables in a separate file, which the
front end links to.
I never, as far as i know, stated to have any experience with Access
programming what so ever. In fact i asked here, cause i believed that i
could get some help for that very same reason. You seem to have understood,
that the app i'm intending to write, will be written in Access itself. This
is not the case. It will be a DOT.NET C# app, standalone but using accdb
files... The reason for that is besides the point. I could use SQLExpress or
SQL Server, but the choice has been made to make it with an accdb database.
Quote:
Besides that, this debate is off-topic in relation to the original
posting, concerning built-in ways to secure data in an accdb file.
It seems not to be a feature available...
There is no encryption built into Access.
But if you need encryption, I don't think you should be using an
ACCDB to store your data.
That may very well be true. But SQL Server is not an option and i opted to
not use SQLExpress for reasons not important to this thread...
|
|
|
| Back to top |
|
|
|
| Salad... |
| Posted: Fri Nov 06, 2009 6:15 am |
|
|
|
Guest
|
David W. Fenton wrote:
Quote: There is no encryption built into Access.
I thought there is in A2007. I don't believe you can encrypt specific
tables or fields; it's all or nothing. |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Sat Nov 07, 2009 12:33 am |
|
|
|
Guest
|
Salad <oil at (no spam) vinegar.com> wrote in
news:75ednehyvMB0Hm7XnZ2dnUVZ_qZi4p2d at (no spam) earthlink.com:
Quote: David W. Fenton wrote:
There is no encryption built into Access.
I thought there is in A2007. I don't believe you can encrypt
specific tables or fields; it's all or nothing.
Well, yes. There was that form of encryption built into all previous
versions of Jet that I know of (encryption was one of the parts of
securing with Jet ULS, since otherwise, your data and code is
viewable with a hex file viewer).
But it doesn't encrypt data in data fields, which is what I
understood the OP to be seeking.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Sat Nov 07, 2009 12:56 am |
|
|
|
Guest
|
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af38c21$0$279$14726298 at (no spam) news.sunsite.dk:
Quote: "David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> skrev i
meddelelsen
news:Xns9CBAD16A2770Ef99a49ed1d0c49c5bbb2 at (no spam) 74.209.136.90...
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
To specify the situation...:
I have a database app, that presents pre-excisting data to a
user. This data is supplied with the app and is not ment for the
user to edit. Alongside this data, there is another database
containing the user own additions to the data.
Are these different data tables? What's the purpose of this data?
Does it like to the users' data?
The app has not yet been programmed and is planned to be written
in C# when done. The data can be in different tables or in
seperate databases. Makes no difference to the application in the
end..
The purpose of the data is as basis for a lookup. See it as a
phonebook. It is not actually a phonebook, but similar. The data
the user could add, could either be additional data to the records
in the supplied data or complete records to enhance the data that
can be accessed.
Either way, the initial data needs to be compiled an that takes a
lot of time so i would not like others to just be able to use that
data raw with other apps. I really can't se how this in anyway
could be illegal..
Because the law says you can't copyright data. You could certainly
have license terms that allows you to take someone to civil court
for violating a contract, but that's not a criminal action.
It may not seem right to you, but that's the way it is.
And if you think through it, it *should* be that way.
Consider if somebody else had already compiled this data (presumably
from publicly available sources), and you wanted to use it but
didn't want to pay outrageous fees. So, you do all the hard work and
gather up the information from the same sources.
If data were copyrightable, the person who compiled it first would
get the copyright and you'd be in violation of it for compiling the
same data again. That would be wrong, particularly in the case where
the compilation is made from publicly available data sources.
Quote: What i wanted to encrypt was the data supplied with the app, to
prevent someone from using this data to create there own app,
with similar functionallity...
Oh, boo hoo. What makes you think your precious data is so
fabulous that somebody would want to "steal" it?
What kind of attitude is that.
Most people vastly overvalue their data. It's crucial to them, but
it's not all that valuable to others.
Quote: If you had a collection of data you had
assembled, would you not like to protect it.
It entirely depends on the nature of the data and how much work it
is to protect it, and how much risk there is that somebody would
want to "steal" it (I can't see how you can be too proprietary about
data you collected from elsewhere).
Quote: Anyway, since the application
would potentially be used by many, it would be subject to hacking.
I really don't think i need to justify this to you or any other.
My point is the same one that has been made with copy protection
over the years -- what it takes to "protect" from the hackers
generally only inconveniences the honest users. The hackers usually
figure out how to break whatever copy protection that's been set up
about a minute after they get their hands on it.
In the case of Jet/ACE, it's been cracked and any hacker would have
your data almost before you released it.
You could certainly use encryption to encrypt the data, but then you
have issues with needing to constantly encrypt search strings, which
means your encryption seed is going to be all over your code, and
unless you encrypt the code, it's going to be there right in plain
text.
Secondly, you're going to sacrifice the most efficient data storage
methods (AES and DES encrypted strings can be substantially longer
than their unencrypted values, while numbers end up being encrypted
as strings, so that you can't use the most efficient data types). If
you need to link data in your encrypted tables with the user data,
you're going to have no indexes available to you for encrypted
fields (unless you store the link in the user tables in the
encrypted form).
You're going to make your application less efficient and harder to
manage in order to protect something that maybe nobody gives a rat's
ass about.
Quote: Or that somebody who knows what they are doing can't just look at
your app and recreate the data and the functionality just by
understanding what your app does?
Real life example.. Picture a digital phone directory, with the
option to add comments in the seperate database to every
directory entry. The data i want to encrypt is the actual
directory supplied with the program. i could'nt really care less
about the data created by the user..
Data cannot be copyrighted, so you don't have copyright on the
data. That's why so many reference databases are locked behind
pay firewalls, because once it's out, it's legal for anyone to
use it.
Ï'm quite sure that you are correct as far as the use is
restricted to the app to which it is supplied. I don't think i can
rip just any data supplied with any software and use it for my own
purpose
No, because there's a license agreement that is a contract that
restricts you from doing that.
Quote: and i am sure, that if i
used that data to create a clone app with similar functions and
thereby try to steal the market of the company that released the
first app, that would not be legal..
It would not be illegal -- it would be a violation of the contract
in the license agreement by which you got access to the data in the
first place. They could sue you, but the police would not arrest
you.
But if the data they compiled is available publicly, and you
compiled it yourself (as opposed to using the copy from their
licenseed software), then they could not sue you. This is, by the
way, the reason that most of the companies that compile databases of
publicly available information seed a certain amount of fabricated
data so that if another database shows up with the same fabricated
data, it can be proven that it was used in violation of the terms of
use.
Quote: Wether the data is in front-end or back end i have no idea of
what you talk about. Those concepts, datawise, are unfamiliar to
me...
Then you must be a novice Access programmer. No properly designed
Access app puts the data tables and all the forms/reports/etc.
into a single file. Instead, the user interface objects are in
the front-end file and the data tables in a separate file, which
the front end links to.
I never, as far as i know, stated to have any experience with
Access programming what so ever.
You're posting in a newsgroup devoted to Access. I think it's quite
fair to assume that you're using Access.
Quote: In fact i asked here, cause i believed that i
could get some help for that very same reason. You seem to have
understood, that the app i'm intending to write, will be written
in Access itself. This is not the case.
Then why are you posting in comp.databases.ms-access?
Quote: It will be a DOT.NET C# app, standalone but using accdb
files... The reason for that is besides the point. I could use
SQLExpress or SQL Server, but the choice has been made to make it
with an accdb database.
If you used SQL Server you could get the security you want.
It's not my fault that you failed to specify your development
platform or posted in the wrong newsgroup.
Quote: Besides that, this debate is off-topic in relation to the
original posting, concerning built-in ways to secure data in an
accdb file. It seems not to be a feature available...
There is no encryption built into Access.
But if you need encryption, I don't think you should be using an
ACCDB to store your data.
That may very well be true. But SQL Server is not an option and i
opted to not use SQLExpress for reasons not important to this
thread...
Then there is actually no satisfactory answer to your question
because you've chosen to eliminate all the alternatives that would
allow you to do what you want.
That doesn't seem very smart to me.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Sat Nov 07, 2009 12:58 am |
|
|
|
Guest
|
"Tony Toews [MVP]" <ttoews at (no spam) telusplanet.net> wrote in
news:4ai7f5p0bnqh6ak1q6nb4a2ptj9e2tn54s at (no spam) 4ax.com:
Quote: If under oh, say, 50 Mb, why not supply some sort of
encrypted text file and read the entire file into RAM into an
Enum. And see if it even needs to be sorted with a binary lookup
or not. Maybe running down 100K array sequentially is fast enough
for your requirements.
He seems to be fixated on using ACCDB as his data store.
And really doesn't want any actual advice, seems to me.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Sat Nov 07, 2009 12:59 am |
|
|
|
Guest
|
"Finn Stampe Mikkelsen" <stampe at (no spam) city.dk> wrote in
news:4af231a5$0$280$14726298 at (no spam) news.sunsite.dk:
Quote: All i want is for tha database not to be able to opened other than
with the C# appz i'm coding to use it... It that possible or do i
have to use my own data encryption and leave the file open to look
at the garble-de-gook of encrypted data left in the file, only my
appz can decrypt before use...
I've been telling you for two days now that for the purpose you
want, ACCDB will not give you the security you rightly or wrongly
seek for your proprietary data. But you still insist on eliminating
all the other alternatives.
Do you want advice or not?
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
|
|
All times are GMT
The time now is Sun Dec 06, 2009 9:46 pm
|
|