Is encrypting “Microsoft Access database ” .accdb file could get it hacked

Question

I am using Visual Studio 2010 and Microsoft Access 2010 to develop a desktop application using C# programming language.

connection string is:

connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\\KBank.accdb;Persist Security Info=False"

and i give it the password in the C# code as follows:

 public string GetConnectionStringByName()
    {
        string returnValue = null;
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["Info_Bank_Project.Properties.Settings.KBankConnectionString"];
        if (settings != null)
            returnValue = settings.ConnectionString + ";Jet OLEDB:Database Password=blablabla";
        return returnValue;
    }

i have used the database in the project in just one simple "Select" query.

so, concerning to the security issue.. can any one decrypt the access database or see the password? and what is your suggestion to make it hard for any one to see the database data

Answer 1

No, your data is not safe, since anyone can inspect your code using an MSIL decompiler and retrieve your connection strings from your app. There will be a point at some point in your process where someone has the possibility of seeing that password, whether it's in memory, in reflection, or something else.

If you have data that is in the possession of someone other than you, not on your servers, then you can assume you no longer have control over that data.

Now, with all that said, you can make it harder for them to get to by encrypting the database file and obfuscating your code.

Answer 2

This is little old thread, My experience on this issue might help someone. You can create C++ DLL with the strong password located inside it, then call it from C# app to encrypt/Decrypt methods with the data base file name.

Answer 3

Why not just put the password in your app.config and encrypt the app.config.

See here