0
votes

I am using Visual Studio 2010 and Microsoft Access 2010 to develop a desktop application using the C# programming language.

The connection string is:

    connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\KBank.accdb;Persist Security Info=False"

And I give it the password in the C# code as follows:

    // Requires: using System.Configuration;
    public string GetConnectionStringByName()
    {
        string returnValue = null;
        // Read the base connection string from app.config
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["Info_Bank_Project.Properties.Settings.KBankConnectionString"];
        if (settings != null)
            // The database password is appended here as a hard-coded string literal
            returnValue = settings.ConnectionString + ";Jet OLEDB:Database Password=blablabla";
        return returnValue;
    }

I have used the database in the project in just one simple "Select" query.

So, concerning the security issue: can anyone decrypt the Access database or see the password? And what is your suggestion to make it hard for anyone to see the database data?

3
People can use tools like ILSpy to view your C# code. You can try obfuscation but personally it's not worth it IMO. If the data is that valuable then don't let it leave your control. If it is just to stop accidental tampering then what you have done is enough. - Shaun Wilde
@ShaunWilde No, it's not valuable, thanks. - Hassanation
@MitchWheat I don't know if there is a tool to do that or not; it is my first time using MS Access instead of MS SQL Server. - Hassanation
Theoretically, anybody who can disassemble your code, run it in a debugger, or run it in a virtual machine will be able to gain access. Or guess the passphrase, of course. Perhaps strings binary.exe | grep -i password will suffice; have you checked? - tripleee
There are many tools (some free, I believe) that can unprotect a password-protected Access DB: msaccesspasswordrecovery.net - Mitch Wheat

3 Answers

3
votes

No, your data is not safe, since anyone can inspect your code using an MSIL decompiler and retrieve your connection strings from your app. There will be a point at some point in your process where someone has the possibility of seeing that password, whether it's in memory, in reflection, or something else.

If you have data that is in the possession of someone other than you, not on your servers, then you can assume you no longer have control over that data.

Now, with all that said, you can make it harder for them to get to by encrypting the database file and obfuscating your code.
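A pre-release check for the point made in this answer and in the strings comment above, as an added example that is not part of the original thread: it scans a built binary for connection-string credentials in both single-byte form and UTF-16LE, the encoding .NET uses for C# string literals, which a default single-byte `strings` run does not show. The function names and the sample bytes are constructed for illustration.

```python
import re

# Connection-string keys that carry a credential (the page's Jet key plus common aliases).
SECRET = re.compile(r"(?:Jet OLEDB:Database Password|Password|Pwd)\s*=\s*[^;\s]+", re.I)

# Printable runs as stored by native code (1 byte per char) and by .NET, which keeps
# C# string literals as UTF-16LE in the assembly's user-string heap (2 bytes per char).
RUNS = {
    "ascii": re.compile(rb"[\x20-\x7e]{8,}"),
    "utf-16-le": re.compile(rb"(?:[\x20-\x7e]\x00){8,}"),
}

def find_embedded_secrets(blob):
    """Return sorted (offset, encoding, literal) for credential-looking strings."""
    hits = []
    for encoding, pattern in RUNS.items():
        width = 2 if encoding == "utf-16-le" else 1
        for run in pattern.finditer(blob):
            text = run.group().decode(encoding)
            for m in SECRET.finditer(text):
                # Convert the character index inside the run to a byte offset.
                hits.append((run.start() + m.start() * width, encoding, m.group()))
    return sorted(hits)

def redact(literal):
    """Keep the key and hide the value, so the audit output does not copy the secret."""
    key, _, _ = literal.partition("=")
    return key + "=<redacted>"

# Constructed sample standing in for a compiled assembly: the config-file part of the
# connection string (no password) as single bytes, then the literal from the question's
# C# code stored the way the compiler emits it, as UTF-16LE.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Provider=Microsoft.ACE.OLEDB.12.0;Persist Security Info=False\x00"
    + ";Jet OLEDB:Database Password=blablabla".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, encoding, literal in find_embedded_secrets(SAMPLE):
        print(f"0x{offset:04x}  {encoding:9}  {redact(literal)}")
```

Run against your own build output, any hit means the credential ships in readable form to every user who receives the executable.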

3
votes

This is a little old thread, but my experience on this issue might help someone. You can create a C++ DLL with the strong password located inside it, then call it from the C# app to encrypt/decrypt methods with the database file name.

1
votes

Why not just put the password in your app.config and encrypt the app.config?

See here