Okay, about every month someone asks, "How do I protect my Access database?" Experienced developers always suggest placing the database outside of the web root. Most developers suggest that you get a real Relational Database Management System :). Well, there is a bug in the system that can be taken advantage of if you can't do either of the above. First of all, I did this using a DSNless connection to Access2000, win2kserver, IIS5. It has also been tested on IIS4 and works flawlessly.
Contributed by Carl_McDade, January 01, 2003
Notice anything strange about the above connection string? The file extension is *.asp rather than the usual *.mdb. The next step is to use the database encryption tool in Access. Why do this? Well, just changing the extension name to *.asp will jumble the contents of the db, but a lot of it is still legible. If you are trying to protect passwords, then one or more will be visible. This is because the web browser opens and tries to read the faked ASP file. Encrypting the file will stop any other program with the exception of Access and ASP code from reading the file. The database unencrypted. After encryption you will get an ASP tags not found error.
Step_By_Step:
Encrypt the database
Rename the file from *.mdb to *.asp
Use a DSNless connection to connect to the database file.
Some Facts
One might try to "save target as" the file and then remove the encryption. In all cases both Netscape and Internet Explorer refused to do this.
The db cannot be downloaded because the ASP file does not really exist. The visitor gets the standard IIS5 error page and no URL. In the case of IIS4 one may get a code error message:
Active Server Pages error 'ASP 0116'
Missing close of script delimiter
/mcdade/db1.asp, line 4
The Script block lacks the close of script tag (%>).
The DSNless connection to the db file still works regardless of the file extension used in the connection string. This is a bug in the system, but it is a useful one.
Using encryption on an MS Access database slows down the database by 15%, according to Microsoft.
Using script tags within the database records seems to have no effect on the protection system, because encryption does not allow the file to be read by any program other than MS Access.
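Renaming changes only the extension, so anyone auditing a web root has to find these files by content rather than by name. The following is an added example, not code from the original article: it walks a directory and reports files that carry the Jet/ACE signature at byte offset 4, whatever they are called. The function names and the sample directory are constructed for illustration, and it is an assumption here that an encrypted database keeps that signature in the clear.

```python
"""Find Jet/Access database files under a web root by content, not extension."""
import os
import tempfile

# Jet (.mdb) and ACE (.accdb) files carry this signature at byte offset 4.
# Assumption: an encrypted database still has it in the clear.
SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")
SIG_OFFSET = 4


def is_access_db(path):
    """Return True if the file header carries a Jet/ACE signature."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(SIG_OFFSET + 16)
    except OSError:
        return False  # unreadable files are skipped, not reported
    return any(header[SIG_OFFSET:].startswith(sig) for sig in SIGNATURES)


def find_disguised_databases(web_root):
    """Return sorted relative paths of Access databases found under web_root."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(folder, name)
            if is_access_db(full):
                hits.append(os.path.relpath(full, web_root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_root():
    """Create a constructed web root: one renamed database, one real script."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "mcdade"))
    # Constructed stand-in for a database header (not a usable database).
    fake_db = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    with open(os.path.join(root, "mcdade", "db1.asp"), "wb") as fh:
        fh.write(fake_db)
    with open(os.path.join(root, "default.asp"), "wb") as fh:
        fh.write(b"<% Response.Write \"hello\" %>")
    return root


if __name__ == "__main__":
    sample = build_sample_root()
    for hit in find_disguised_databases(sample):
        print("Access database inside web root:", hit)
```

Any hit is a database that IIS can reach by URL and is a candidate for moving outside the web root, as the opening paragraph recommends.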