Secure ACCESS Encryption Method

Secure Access Encryption Method

Xu Changyou

Microsoft's ACCESS database is one of our commonly used desktop data. Most small and medium-sized enterprise database management systems can use it, but its security is still worrying. Imagine a financial management system, what will happen if the user directly opens the database to change the data? Some systems may only change the ACCESS database extension or add a password. As we all know, there are many methods and tools to crack the ACCESS database! Therefore, such encryption is just as annoying. Next we will introduce a simple method to encrypt ACCESS data for your reference.

Open the MDB file with UltraEdit and you can see the content of the first 16 bytes of the file:
00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74
Now you can change a few items at will and use ACCESS to open the file. It is found that different file formats are incorrect, because the information saved before ACCESS is the definitions and passwords of some MDB files. If you change the content, it is hard for others to see the format of the database and cannot open it. In this way, the database content will not be changed and the original data will not be damaged.

The following uses Delphi as a simple encryption solution program:
 
The encryption functions used are as follows:

Const
Titlestr: array [0 .. 15] of byte =
($00, $01, $00, $00, $53, $74, $61, $ 6E, $64, $61, $72, $64, $20, $ 4A, $65, $74); // the first 16 bytes of the MDB File
Titlestr2: array [0 .. 15] of byte =
($48, $ 4A, $00, $58, $55, $43, $48, $41, $ 4E, $47, $59, $ 4F, $55, $00, $20, $20); // write the first 16 bytes of the modified MDB file, such as your company name or your name.
Produce EncrypMDB (filename: string); // use titlestr2 to replace the first 16 bytes of MDB for encryption.
Var F: TFileStream;
Begin
If not fileExists (filename) then exit;
F: = TFileStream. create (filename, fmopenwrite );
Try
F. seek ($00, soFromBeginning );
F. Write (titlestr2, 16 );
Finally
F. free;
End;
End;
Produce uncrypMDB (filename: string); // restore the first 16 bytes of MDB
Var F: TFileStream;
Begin
If not fileExists (filename) then exit;
F: = TFileStream. create (filename, fmopenwrite );
Try
F. seek ($00, soFromBeginning );
F. Write (titlestr, 16 );
Finally
F. free;
End;
End;

We know that a locked file (. ldb file) will appear after opening the ACCESS database. Because we also need to use the database, we must restore the database during use.
If the data is not encrypted after restoration, you can copy the MDB file and open it with ACCESS or other tools. Therefore, the data should be encrypted before and after the data is opened to ensure data security.
You can use Delphi to connect to a database using ADO:

// Restore data so that you can use the database
Copyfile (pchar (APP_path + '/data/account. db'), pchar (app_path + 'data/temp. db'), false); // app_path indicates the current directory of the program, account. db is an MDB file that has changed its extension.
UncrypMDB (App_path + 'data/temp. db ');
Copyfile (pchar (App_path + 'data/temp. db'), pchar (APP_path + '/data/account. db'), false );
Adoconn. connectionstring: = 'provider = Microsoft. jet. OLEDB.4.0; Data Source = '+ App_path +' data/account. db; Persist Security Info = false'; // adocon is a TADOConnection component.
Try
Adoconn. connected: = true;
Except
MessageBox (handle, 'a fatal error occurred when opening the database !!! ', 'Error', MB_ OK + MB_ICONERROR );
End;
// Encrypt it immediately after it is turned on
Copyfile (pchar (APP_path + '/data/account. db'), pchar (app_path + 'data/temp. db'), false); // app_path indicates the current directory of the program, account. db is an MDB file that has changed its extension.
EncrypMDB (App_path + 'data/temp. db ');
Copyfile (pchar (App_path + 'data/temp. db'), pchar (APP_path + '/data/account. db'), false );
Deletefile (App_path + 'data/temp. db ');
The above two temporary files are used because there is a problem when the database is opened and then directly writes the MDB, and you cannot determine how many users have opened the program.
The entire program shares a TADOConnection. The MDB file is restored only when the database connection is enabled. The MDB files are always encrypted at other times! It is generally difficult for users to know what an MDB file is!

After opening the database, there will be a. ldb file with ACCESS and other words for the type. If you don't want to see what it is, modify the registry, for example:
Reg: = Tregistry. Create;
Try
Reg. rootkey: = hkey_classes_root;
Reg. openkey ('. ldb ');
Reg. writestring ('', 'tempfile ');
Finally
Reg. closekey;
Reg. Free;
End;
In this way, the file type you see is tempfile.

Note: all the databases used above refer to Access 2000. For other versions, I think they should be similar. Try it on your own. If you have any better method or suggestions, welcome to exchange: yousoft@chinaren.com