Importing Encrypted Web Data to Local Database

This is completely outside anything I've ever worked with, so please excuse me if this isn't the right forum for this question:

Our company uses an encrypt/decrypt component on its website that functions perfectly provided you only use it AT the website. I've been asked to link an Access 2000 backend to the web data, so I need to be able to decrypt the encrypted strings in-house and haven't the first idea of how to accomplish it.

The component is called DynuEncrypt (www.dynu.com) and they offer this code on their site:

Set oEncryptor = Createobject("Dynu.Encrypt")
Dim sEncrypted, sDecrypted As String

REM Encrypt the value of a string.
sEncrypted = oEncryptor.Encrypt("This is something.", "somepassword")
MsgBox(sEncrypted)

REM Decrypt the value of a string.
sDecrypted = oEncryptor.Decrypt(sEncrypted, "somepassword")
MsgBox(sDecrypted)
Set oEncryptor = Nothing

but I don't know how to install the dll locally so Access can use it here. Have tried everything they say on their website, but it looks like this is intended to be run only on a webpage.

Can anyone give any pointers as to whether what we need is even possible with this component?




  • richardfc

    The return datatype of the function is not explicitly declared.

    Function Encrypt(strText as String) as Dynu.Encrypt
       Dim oEncryptor as Dynu.Encrypt
       Set oEncryptor = New Dynu.Encrypt

       Encrypt = oEncryptor.Encrypt(strText, "somepassword")
    End Function

    Function Decrypt(strCipher as String) as String

       Dim oDecryptor as Dynu.Encrypt
       Set oDecryptor = New Dynu.Encrypt

       Decrypt = oDecryptor.Decrypt(strCipher, "somepassword")
    End Function

    ...and you want to call a function inside a query? Use stored procedures or triggers and pass parameters that way.

    Adamus



  • berandor

    Adamus Turner wrote:

    Function Encrypt(strText as String) as Dynu.Encrypt

    Should be "as String" and not "as Dynu.Encrypt". But I hardly think that would make it work. It is definitely better to be as explicit in declaration as possible. Increases readability and can help avoid some strange cast/type bugs.

    If you have an idea how stored procedures and triggers could help in this particular case I would suggest you try to explain it a bit further so the original poster gets helped with the problem.



  • Alistair Peterson

    Andreas: Thanks SO much for your reply! That did the trick with Access, of course.

    As to the larger security issue, I've been told the "password" (key) will reside in a table someplace and not on the actual asp page (don't know how much, if any, help that will be security-wise, though).

    Question: Is hacking into a website and gaining access to asp pages something that's commonly known as an easy thing to do?


  • Herman Schutte

    rw,

    I am not an access developer so I do not think I can help you further with that bit. I knew just enough to help with the first bit. I do not even know if what you suggest is possible.

    Since this is more VBA than .NET data access, maybe this forum is more suitable to repost your question about functions in queries.

    http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=74&SiteID=1



  • Martin Hellspong

    In Access you can add modules that are like VB modules, functions and code. I am using Office 2003 so it might differ if you have another version.

    Add a new module or open an existing one that you want to add Encrypt/Decrypt for and then choose References under the Tools menu. There you should be able to check the Dynu.Encrypt COM object. This will make your code recognize the 3rd party tool.

    Now you can add code like

    Function Encrypt(strText as String)
    Dim oEncryptor as Dynu.Encrypt
    Set oEncryptor = New Dynu.Encrypt

    Encrypt = oEncryptor.Encrypt(strText, "somepassword")
    End Function

    Function Decrypt(strCipher as String)
    Dim oDecryptor as Dynu.Encrypt
    Set oDecryptor = New Dynu.Encrypt

    Decrypt = oDecryptor.Decrypt(strCipher, "somepassword")
    End Function

    This might help you get an idea how to do it.

    This way of "encrypting" data is weak. The sample encourages you to have the "password" in plaintext on the website. If somebody hacks the website they will easily retrieve the password used to encrypt the data and will have access to all.

    The component seems to use triple DES and claims it will take 3 million years to crack it. It takes me less than a minute if I can retrieve the password by hacking the website and peek into the ASP pages. It took a single off-the-shelf computer 22 hours to brute-force crack the RSA challenge for triple DES back in 1999.

    http://www.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19990119_deschallenge3.html
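
An added example, not part of the original post and not the vendor's code: a standard Access module that wraps the `Encrypt`/`Decrypt` calls shown above with explicit return types, passes Null fields through so the functions can be used in a query, and reads the passphrase at run time instead of embedding it in source. The environment variable name `DYNU_KEY` and the function names are hypothetical; only `CreateObject("Dynu.Encrypt")`, `Encrypt` and `Decrypt` come from the thread.

```vba
Option Compare Database
Option Explicit

' Added example. Late binding (CreateObject) is used, so the module
' compiles even when no reference to the component is checked.
' DYNU_KEY is a hypothetical environment variable holding the passphrase.
Private Const KEY_ENV_VAR As String = "DYNU_KEY"

Private mEncryptor As Object   ' cached COM instance, created on first use

Private Function Encryptor() As Object
    If mEncryptor Is Nothing Then
        Set mEncryptor = CreateObject("Dynu.Encrypt")
    End If
    Set Encryptor = mEncryptor
End Function

' Fetch the passphrase at run time; fail loudly if it is missing rather
' than encrypting or decrypting with an empty passphrase.
Private Function Passphrase() As String
    Dim strKey As String
    strKey = Environ$(KEY_ENV_VAR)
    If Len(strKey) = 0 Then
        Err.Raise vbObjectError + 513, "CryptoWrappers", _
                  KEY_ENV_VAR & " is not set"
    End If
    Passphrase = strKey
End Function

' Variant in, Variant out: a Null column value stays Null in the result.
Public Function EncryptField(ByVal varText As Variant) As Variant
    If IsNull(varText) Then
        EncryptField = Null
    Else
        EncryptField = Encryptor().Encrypt(CStr(varText), Passphrase())
    End If
End Function

Public Function DecryptField(ByVal varCipher As Variant) As Variant
    If IsNull(varCipher) Then
        DecryptField = Null
    Else
        DecryptField = Encryptor().Decrypt(CStr(varCipher), Passphrase())
    End If
End Function
```

Save the module under a name that differs from its functions (for example `CryptoWrappers`) and call it from a query as `DecryptField([CipherColumn])`, where the column name is a placeholder. The passphrase is still only as protected as the place it is read from, which is the weakness the post above describes.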



  • Fiaz Hussain

    It is always a tradeoff how secure a web server gets. A well set up and patched server should not be easy to get into. Many exploits rely on security holes discovered a long time ago that also have patches available, but the patches aren't applied by the system admins.

    You also need to consider all applications running on a server. IIS is one, but every website on it and its scripts (like this forum software) are also a possible way to get into a server.



  • Raven TGC

    Andreas:

    One final question regarding your code sample, please: I tried adding the code to Access as a "module", and keep getting error "user defined type not defined". The references box is checked and the code works as it is if I place it inside a form, but I would like to create an encrypt/decrypt function that I can call inside a query instead of a form.

    Is this possible? I can work around it, if not, but it seems like it should be....

    Thanks, again!

    -rw-

