Is it possible to encrypt the connection between frontend and backend ? (1 Viewer)

dhlao

Registered User.
Local time
Yesterday, 17:27
Joined
Dec 23, 2014
Messages
37
The plan is:
1. A password protected backend accdb place in the network share drive
2. Frontend accde connect to the backend by the below code. The variable "theHashPass" store the encrypted password
Code:
dbs.TableDefs(strTable).Connect = "MS Access;PWD=" & theHashPass & ";DATABASE=" & LnkDataBase
3. Backend detect a connection attempt to coming in. Decrypt the hashed password. Allow the frontend to link the table if the password is correct

If SSL can be use, then the step to hash password can omit.

I never heard any Access developer try this. Just want to know is it possible or not.
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Yesterday, 19:27
Joined
Feb 28, 2001
Messages
27,001
If you are worried about someone tapping the traffic between FE and BE and it is over a network, look into the idea of connecting to that server using an IPSEC-based Virtual Private Network, which would be automatically encrypted - but it would be an all-or-nothing type of encryption.

The problem can also be addressed if you can establish an SMB 3.0 secured connection. Do a web search on SMB 3.0 and / or on Secure SMB. You might find some code samples to explain how to establish this through something in VBA (but no promises on that because I've not looked at it very much.)
 

Galaxiom

Super Moderator
Staff member
Local time
Today, 11:27
Joined
Jan 20, 2009
Messages
12,849
No matter what you do an Access backend will only even permit pseudo security because users can copy the backend file and take it away to hack.

Put the data on a database server and connect via ODBC which supports encrypted traffic.
 

dhlao

Registered User.
Local time
Yesterday, 17:27
Joined
Dec 23, 2014
Messages
37
Thanks to The_Doc_Man and Galaxiom
I think I'm going to choose SMB 3.0 as the backend accdb is store in Windows Server 2012.
I don't really care the user copy the backend accdb file. As my frontend accde won't show the location of it. They can copy it only if they know where it is. Anyway, Access can't compare to server grade database.
 

ButtonMoon

Registered User.
Local time
Today, 00:27
Joined
Jun 4, 2012
Messages
304
They can copy it only if they know where it is.
It's very easy for anyone to find out where your back end database is.

Anyway, Access can't compare to server grade database.
Exactly. You can have a secure database or you can have an Access database, but they are mutually exclusive. That's why adding point-to-point encryption and password security does more harm than good in my opinion - unless your intention is to deceive your customers/users into thinking that their data is safe when it really isn't.
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Yesterday, 19:27
Joined
Feb 28, 2001
Messages
27,001
Sad but true, ButtonMoon. Access gives a gazillion great features but intrinsic data security ain't one of them.
 

Users who are viewing this thread

Top Bottom