1

We have several applications in Access/VBA (2013, 64 bits) and the data is stored locally and we want to start saving the data in SQL Server over the network, but connection credentials are visible inside Access and over the network when using ADO.

We only have one password to access the sqlserver (ex. user: s1234, pass: 12345)

I found this post -> How to securely store Connection String details in VBA here in stack overflow, but I easily decompiled the dll generated as described in that thread using .NET Reflector 9.0 and I was able to see the credentials in clear text (it doesn't fit as a secure solution to our problem).

Is there a solution to this using Access or how can I hide (encrypt) these credentials using only access or using a DLL. Is there a solution to this?

Other resources I looked:

Thanks!

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Georges
  • 11
  • 3
  • 1
    Do you have to use SQL Server authentication? Why not Windows authentication? – Comintern Jan 27 '17 at 20:32
  • The company where I work is very unflexible with the sqlserver configuration. I think windows authentication would be best, but at this moment that is not an option. they only allow us to have one account that is dbowner. We, in a certain way, have to use access because there are a lot of automated tasks in Internet Explorer and Attachmate Extra. I read that in C# there's a way to encrypt the connection string, but I have no idea at all about that. I'm starting to learn c# this year so that we can migrate these applications. – Georges Jan 30 '17 at 16:25

1 Answers1

0

I publish my Access applications as .accde, which conceals the source code. Other than that, I'm not so sure there is a surefire way to encrypt your connection strings. If security is a major concern with you Access database, it might be worth looking into setting Windows authentication on your SQL server or migrating your application to a web-based application in something like C#.net

Steve W
  • 416
  • 1
  • 3
  • 19
  • With a quick google search I found that accde can be decompiled with services like: http://www.utteraccess.com/forum/unlocking-access-accde-fi-t1947839.html It could be a short term solution but I find it insecure. There are also other online services that provide this "decompile" service. Accde to accdb – Georges Jan 30 '17 at 16:20