| |
| |
|
Access
Data Encryption Seminar
Make the
data in your tables unreadable
|
| |
|
In my
Access Security
Seminar, I teach you everything you need to know to lock down
and secure your Access front-end database. You can set up users
and groups, control who has access to what forms and reports, keep a log
tracking activity, and lock down your database design so nobody can make
changes or see your VBA code.
The problem is that your back-end
database file (your tables) has to remain open and exposed.
Anybody who knows Access can find it and poke around in your data.
Unless you have a database server (like SQL Server or Oracle) on your
network, you have no other way of locking down your data. Anybody who
knows Access can see anything. Not good.
In this seminar, I teach you how to
hide your data by encrypting it. If anybody happens to find
your Access tables, all they will see is unreadable gibberish.
Meanwhile, the database will seamlessly translate that gibberish
into real data for the users of your database who have access to view
and edit it.
Oh, and as a side note, you can also
use this technique to send encrypted emails to people too. I cover
sending emails in my Access
329 and
Security Seminar classes.
|
Learn More...
Click on the video image to the
right to learn more about exactly what's covered in this
seminar. The video is about 4 minutes long and fully
explains everything that's discussed. Then, continue reading the
course outline below if you have further questions. |
 |
|
|
4 minutes |
|
| |
|
Seminars
- Access Data Encryption |
|
Description: |
Learn how to scramble the data in your tables so that nobody
else can see sensitive information if they happen to get into
your back-end database. |
|
Versions: |
I will
use Access 2010,
however the lessons are valid for all versions of Access back to
2000 with some minor cosmetic differences. |
|
Pre-Requisites: |
This course is a followup to my
Access
Security Seminar. There is also a lot of VBA
used, so you would do well to have taken my
Access 300-level
courses too. |
|
Running Time: |
58 minutes |
|
Cost: |
$39 - Order
multiple courses to receive a discount up to 50% off |
|
|
|
This
seminar has several goals. You will:
1.
Learn how to scramble data in your tables to hide
sensitive information
2.
Convert text characters to their ASCII equivalent values
and back
3.
Perform mathematical obfuscation on your data
4.
Control access to the form that handles the encryption / decryption
We will begin by building a simple
customer table that will hold all of our information. The public
information (name, address, etc.) that doesn't need to be encrypted will
just have a single field. The private data (credit limit, notes, etc.)
will have an extra field for the encrypted value.
We'll set up a public customer form - again with just the data
that everyone can see (in this case, just the customer's name). We'll
make a button to open a private form that has the secret data. Now, I
show you how to control WHO can gain access to these records inside the
database in my
Security Seminar. In that Seminar you learn how to set up user
and group accounts, and control who can see what forms, reports, and
data.
Then we'll build a second form to show the private data. There
will be VBA code that runs when the form opens that decrypts
(unscrambles) any hidden data (in this case, the credit limit and
notes). Then when the user clicks the "Save & Close" button, those
fields are encrypted again and the data saved to the table. I'll show
you how to lock this form down so the user MUST click on your
Save button to close it, which runs your code.
Now if anyone happens to come across your back-end database file that
contains your tables, all they will see is gibberish in the table
itself. The actual data has been wiped, and they see garbage.
This solution isn't perfect. Someone can still erase or edit your data.
That's one of the problems with Microsoft Access... the back-end tables
aren't secure. This solution, however, will allow you the best possible
means for keeping people from viewing sensitive data in your database
without having an actual database server. Of
course, if you have any questions about whether or not this seminar is
for you, please contact me.
Access Data Encryption Seminar - Outline
00. Intro (5:02)
01. Lesson 1 (9:06)
Set up the database
Set up customer table with encryption fields
Create customer form for public data
Create customer form for encrypted data
02. Lesson 2 (9:37)
Button to open encrypted form
Encrypt Function
Creating a public function in a module
ASCII values & table
ASC() Function
For Next Loop
Mid() Function
03. Lesson 3 (9:41)
Convert Integers to String Values
CStr() Function
Len() Function
Const Keyword to create Constants
Key Values to Mathematically Obfuscate Data
04. Lesson 4 (9:40)
Convert String Values to Integers
CInt Function
Converting ASCII Values to Characters
CHR() Function
Convert to Currency Values
CCur() Function
MsgBox Command
Global Constants
05. Lesson 5 (7:59)
Decrypt Function
Reversing the Encryption Procedure
For Next Step
Deleting actual data from the table
06. Lesson 6 (7:58)
Save & Close Button
&& to get one &
DoCmd.Close Command
Decrypt the data when the form loads
OnCurrent Event
Hide the Encrypted Fields
Visible Property
Control how users can close the form
Only allow closing form with your button
Form Properties
Navigation Buttons
Record Selectors
Scrollbars
Control Box
Close Button
Max Min Buttons
Pop Up
Modal
|
|
| |
| |
Student Interaction:
Access Data Encryption Seminar
|
Richard on 6/13/2012:
Access is a great database program, however one of the problems with it is that you can't really secure your data very well. Unless you have a database server (like Microsoft SQL Server) this is a problem for sensitive data. You can lock up your forms, reports, and VBA code (and I show you how in my Security Seminar), but the data is still out there unprotected.
In this seminar, I teach you how to lock down the data in your tables so that nobody can see your private information unless they're allowed to. Scramble & encrypt sensitive data to keep it from prying eyes. This is a good solution for securing data without the need for an expensive database server platform. You'll learn how to:
1. Scramble data in your tables to hide sensitive information
2. Convert text characters to their ASCII equivalent values and back
3. Perform mathematical obfuscation on your data
4. Control access to the form that handles the encryption / decryption
Click here for more information on the ACCESS DATA ENCRYPTION SEMINAR. |
Rick on 6/13/2012: Now that you're finished with this class, please take a few short minutes to complete our STUDENT SURVEY and let us know what you thought of the lessons!
|
Richard on 6/13/2012: My sample database has been uploaded to the Student Database Folder. You can grab a copy if you don't want to type in all of my code, although I do recommend you TYPE IN THE CODE as I build it... you'll learn better that way. The file is password protected. As a reminder, you can find the password by logging on to your account and looking at your course listing.
|
Richard on 6/13/2012: There is a TON more you could do with this concept. For example, in one of my databases, instead of using a set of 2 keys to encrypt the database, I actually use a whole PASSWORD so that the data gets changed based on a rotating list of values (the ASCII values of the letters in the password). It makes it VERY difficult, if not impossible, for anyone to decrypt. If anyone wants to see this, let me know. If enough people post here, I'll make an add-on video.
|
Deon R on 6/26/2012: Hi Richard,
I trust you are well.
I've just worked through this seminar and built the sample database. Fab! Most enjoyable. I alse made the Encryption Module (Public function global); made an Asset Register form with a lot more values and encrypted quite a few fields. Had to include an On Error Resume Next 'handler' in the code and it works just fine. My question as follows: how could I set up a continuous form to display all the de-encrypted data for a report printout and then encrypt all the records in one go. I've tried this and the form only shows one record. I know I'm still a novice' Access student but if this is possible, I'm sure there must be more of us out there that would love to know how to do this.
Yes we would love to see an add on lesson with PASSWORD encryption etc.
The more the better I say.
Cheers for now Richard and kindest regards,
Deon
Reply from Richard Rost:
Deon, I'm glad you enjoyed the seminar.
How about an UPDATE QUERY. This might actually work faster (and better) for you. Run the update query with your decryption function, generate your printout, then make sure you run another update query to delete all of the decrypted field data. Three buttons on a form would work perfectly for this.
The only problem is that your data is potentially exposed WHILE you're running the printout (between update queries). If you're THAT concerned about security, you could run a Make Table Query and drop it to a temporary table in your local database (assuming you have split front- and back-ends).
Hope this points you in the right direction.
|
Deon Riley on 6/27/2012: Hi Richard,
Thanks for the advice and I shall give it a go.
Cheers,
Deon
|
shams Momin on 7/23/2012: Hi Richard I am trying to bulid Encrypt some field in my table on my form when i hit encrypt button i get erro Variable not defineed I removed Option Explicit from my code still i did not get my result I got fiel is text and memo field.
Reply from Richard Rost:
Shams, without seeing your code I can't tell you what's wrong. Try taking it a step back. Use Msgbox or debug.print statements to look at your variables each step of the way.
|
James Gray on 4/23/2013: Rick,
Will queries and functions that depend on data in encryted tables be able to use this data or will it have to be decdoded before using it?
Reply from Richard Rost:
You'll have to decode the data before ANYTHING can use it, which is why you need to take specific care to decode each record as you load it into a form. It's not a perfect solution, but it's the best solution available for JUST Access.
|
James G on 4/25/2013: I think at one point you suggested to use a make table query to load the decoded data into, use it for whatever purpose then destroy that table when done, right?
Reply from Richard Rost:
Sure. That works.
|
|
|
| |
|
You may want to read these articles from the 599CD News: |
|
|
|
