[RESOLVED] How to secure local database? Encrypt/Obscurication/Compile?
Hi, I currently use an Access password-protected database to store my app data.
However, there are several apps that can reveal Access database passwords, so I'm looking into securing the data, so that if someone found out the database password the data would be scrambled.
My app regularly reads and writes to the database and I need something that isn't going to massively affect the speed of my app.
Can anyone recommend the best way to secure the data or recommend a different database type that is secure and compatible with all versions of Windows?
Last edited by experience; Dec 6th, 2012 at 10:02 AM.
Re: How to secure local database? Encrypt/Obscurication/Compile?
The fact that this is a local database leads me to the obvious conclusion that someone will only have access to it if they also have access to your app. If that is the case they will, if they discover the password, have the means of decrypting/unobscuring/decompiling (not that I'm confirming that all or any of those things are possible) and reading the data also at hand, so I'm really not sure what there is to be gained here. If this was an online or network database then you would obviously use a server-based system such as SQL Server with all the advantages of the server's security system.
Reviews: "dunfiddlin likes his DataTables" - jmcilhinney
Re: How to secure local database? Encrypt/Obscurication/Compile?
I agree with dunfiddlin. If the user has your DB, and has your code, then any security is going to be somewhat limited. Password protecting an Access DB seems like a reasonable option for light protection. There is a slightly stronger variation for Access, but as long as they have your code, they have your connection string, which will include enough information to crack either scheme.
On the other hand, pretty nearly everything is crackable, so the question is how much security you want, because you can't have enough to stop everyone.
Encryption, in particular, is not going to do much for you other than slowing down your program. Whatever is encrypted would have to be decrypted by your code to work, so it will be accessible at some point.
Re: How to secure local database? Encrypt/Obscurication/Compile?
I've attached data files from 2 of my competitors - data.tqs & data.dat
Please try and read the data - you can't!
I'm not going to spend hours decompiling their source code; they've done enough to secure it from prying eyes.
I know someone somewhere could decompile it, but it wouldn't be worth the hassle for the data it contains.
My competitor doesn't even need to look into my source code to get into my database - encrypting my connection strings is pointless!
A quick Google and they can reveal the Access database password in minutes: http://tinyurl.com/brxmrbc
What I want is to obfuscate the data in my Access database so that, should it be viewed, it will not mean anything to anyone but a good cracker!
Re: How to secure local database? Encrypt/Obscurication/Compile?
But to what end? That can encrypt a database separate from your code, but if your program is making use of the database and your program is on the computer, then you will still have decryption based on your code. If that's ok, and you are just trying to keep a person from getting to the data without your program, then that would be a good solution, but at that point, a password on the DB is probably good enough, also.
Re: How to secure local database? Encrypt/Obscurication/Compile?
If you take my exe.program out of the situation and someone has a database file, which in this case is an Access database, they can open it and access all the data.
You can password protect the database with the longest password you want, but someone can download an app and easily retrieve the password in minutes.
They don't have to have your exe.program at all to do this... so the weak part is Access.
So from my point of view, Access pretty much has practically no protection.
I've looked into SQLite and think I'm going to give that a try; from what I have read the whole database can be encrypted. I know it's not 100% foolproof, as the weakness is in the data being transferred from the DB to the exe.program, but to infiltrate that you are going to have to know a thing or 2!
Overall your app is going to be much more secure in the public domain!