Thread: Advice on securing a sensitive Access database
View Single Post
  #5  
Old April 10th, 2008, 11:10 PM posted to microsoft.public.access.forms,comp.databases.ms-access
Les Desser
external usenet poster
  
Posts: 45
Default Advice on securing a sensitive Access database
In article sOqLj.23706$4O1.6011@trnddc03, Larry Linson
Thu, 10 Apr 2008 15:58:16 writes

[...]

Thank you for your comprehensive response.

Also thanks to the other posters for their ideas.

The background is that the Access application has been developed over
many years and it is not really viable to re-write it.

Due to the prospect of some commercially sensitive data being now stored
in the database, it has become desirable to secure the data.

I do not have major concerns about the Access front end as

1. the staff using it are trustworthy
2. the data would have to be extracted table by table
3. the front-end is an MDE and I think I can securely (reasonably) hide
the table view.

To steal the data via the front end (or an alternative front end once
Access security had been broken) would be non-trivial and they would
have to work within the office (as the data would be encrypted).

My main concern is how to, on the one hand, encrypt the data on the
server (TrueCrypt?) so that if the server is stolen the data cannot be
read, and on the other hand, allowing the Access front end to read the
decrypted data but somehow blocking access to the decrypted data to the
Windows file copy facility.

As far as I can see, once the decrypted data is visible to the PCs
running the Access front end, it is also a matter of a few seconds to
copy the whole decrypted data mdb using Explorer.

I regret that I don't have more encouraging words for you.

Sounds like I have a problem
--
Les Desser
(The Reply-to address IS valid)