Results 1 to 4 of 4
  1. #1
    Join Date
    Oct 2003
    Posts
    103

    Unanswered: Data Encryption - pseudo secured database

    OK, so I have a database that I've created a pseudo security in. Meaning it starts with a switchboard which requires sign in, and all menus etc. are disabled on startup. I am going to disable the bypass startup options or at least change them (I don't remember how we did this previously, but I've seen it done). This because I don't like the whole workgroup thing, and I also make a number of changes to forms and functionality based on the "authoritylevel" of the login.

    That said, the username/password are stored in a table, and would be accessable through linked tables or something if someone knew how to do this. That's really not the big concern because most of the data in the database is available to all of the users - I just want to keep them from mucking with things.

    However, I would like to encrypt the username/password, and now am considering adding Credit Card information - which some customers ask us to keep on file. I don't want people putting that into an excel spreadsheet - which is what people tend to do so, I want to create a table for cc data that has [contactuid], [cctype],[ccname],[ccnumber], and [ccvcode] - all of which should be encrypted (which may mean I'll need a [encryptionindex] or some such as well) with the exception of contactuid. Similarly, I want to encrypt a single record if possible, or alternatively encrypt all of the [value] field in a tblglobalconstants. That single record would hold a password for opening the form to view unencrypted cc data. I would use the same form, but "add new record only" for inputting the data.

    OK, so that's a lot of information, but the point is that I have no idea where to find a module or library function to perform this functionality - and I am assuming that my approach is "reasonably" secure (for a local network only, which has network security for who has access to the database in the first place).

    Any ideas on where I can find what I am looking for? I really don't want to create my own - lame - algorithm.

    Thanks

  2. #2
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    google CAPICOM
    it's a simple to use .COM wrapper on M$ crypto stuff. i use it all the time for hashing, but havent needed the full encrypt/decrypt cycle so i can't offer any detail on that.
    it downloads free from M$ if you /user doesn't have it. i late bind to it but it also references well.

    izy
    currently using SS 2008R2

  3. #3
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    ahhh!
    just followed my own advice and googled to see what's new with CAPICOM and bumped into this on M$ site:

    Note Beginning with Windows Vista, CAPICOM is no longer supported.

    now that IS a drag! i've just implemented two apps depending heavily on CAPICOM hashing and am working on a third as we speak. fortunately my lot are so slow we wont be on Vista before i retire, so maybe it's not my issue.

    what i don't see (yet) is any denial of CryptoAPI, so maybe there is a way through with some uglier calls.

    izy
    currently using SS 2008R2

  4. #4
    Join Date
    Oct 2003
    Posts
    103

    Still Trying to figure that out

    I'm still trying to get some time to read through this. It looks somewhat complicated. I was hoping there was just a module I could install, and a certain format for table convention that I'd need to follow.

    I'll keep reading, but hopefully someone will have a simple solution as well.

    Thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •