Hi,
In the VB projects that use Access Databases, its found that the user is able to access the database directly (manually) ie by reaching the file and double clicking it open.
But, what all can i do to prevent the user from directly accessing and using the database? What are the options to do it?

You can put a password on the database file so you can't just double click to open it.
Then you would provide the password in your Connection string in VB6 (when connecting to the database) using PWD:flibble (if your password is flibble, that is...)

You can put a password on the database file so you can't just double click to open it.
Then you would provide the password in your Connection string in VB6 (when connecting to the database) using PWD:flibble (if your password is flibble, that is...)

I know that already, but is there any other way or idea ?

Not really - you can't really secure an Access file much other than that. Unless you use some sort of Windows directory access and use the front end under a different user which has permissions to the database path which your usual user does not (hope I've made myself clear?) - unsure if that would work or not.

But I think using the password is as much as you can do - just making the password as secure as possible is best - and when you hardcode the password into the code, use the Chr() commands for the characters instead so it's not easily read if the EXE is read using some sort of reverse engineering method or something.

I have never tried this while using ADO but I do know that DAO does not care what the extension of the file is as it checks for the contents of the file, i.e. change databasename.mdb to databasename.abc. and even with the password this is easy enough to get around by a determined user.

Another way is to encode the file is by something like RSA encryption algorithms. This method would be real secure while your program is not running but when it is there is nothing you can do. I say there is nothing you can do because there are so many programs out there that can watch the system that when you go to write the database to disk even with a fake extension, the user will know what, when, and where you are doing your actions. Then when you open the database these systems/programs will also notify the user of every string/command/byte passed back and forth between the program/db engine/database that they will easily read the password. Then all they have to do is to stop your kill command to delete the decoded database when you are exiting your program and then they will have access to it and all its data.

So in the end, there is only so much you can do but no matter which way you go...

Good Luck

I sure need someone to help me which is muct like this, I create a connection string as below :

Public Function initdb()
Set ws = DBEngine.Workspaces(0)
Set db = ws.OpenDatabase(App.Path & "\Masterfile.mdb")
Set rs = db.OpenRecordset("Detail", dbOpenTable)
max = rs.RecordCount
Exit Function
End Function
***********************************
But when i lock the access table with password, I don't know how to change the connection string to open the database, would be very grateful if anyone help me.

Zela

This article has been dead for over six months. Start a new discussion instead.