Database Encryption

Database encryption is separate from Microsoft Jet security in that it’s not part of the security model. Rather, it’s a function provided by the engine, which you can use to encrypt the database file at the operating-system level.

If a database isn’t encrypted, it’s possible for a person to use a disk or file editor to view the contents of the file. Even though the representation of your data and object definitions may be hard to read, the data is there. Also, a knowledgeable person could use a disk or file editor to read the SID of the database owner or the SID of the Admins group in use when the database was created. Given that SID, a person could assume ownership of the database and do anything he or she wanted. For these reasons, it is recommended that you encrypt your database if you want to protect against this potential problem.

If you look at the pages of an unencrypted database with a file editor, you will see something similar to this:

Figure 10.4 An unencrypted database

You can see that some of the database’s contents are visible. However, after you encrypt the database, the same page would look like this:

Figure 10.5 An encrypted database

This version is obviously unreadable: Microsoft Jet has encrypted every byte in the database file.

Encryption works on the entire database file, not just table data. Microsoft Jet reads and writes data one “page” at a time. These pages, each consisting of 2,048 bytes of data, are encrypted as units.

Only the owner of the database, or a member of the Admins group of the workgroup information file in use when the database was created, can encrypt or decrypt that database. Due to the overhead of encrypting and decrypting, there is a performance degradation of approximately 10% to 15% in encrypted databases. Encrypted files are also essentially uncompressible using compression software such as that included with MS-DOS. This is because compression relies upon repeated patterns in the data, and encryption effectively removes any patterns.

Note For database encryption, Microsoft Jet uses the RSA Data Security Incorporated RC4 algorithm with a 32-bit key per 2K page.
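The page-at-a-time scheme described above (2,048-byte units, a 32-bit RC4 key per page) and the point about compression, as an added Python illustration that is not Jet's own code: RC4 is the textbook algorithm, while the per-page key derivation, the master value and the sample records are constructed assumptions, because the text does not say how Jet derives or stores its key material.

```python
import struct, zlib

PAGE_SIZE = 2048  # Jet reads, writes and encrypts the file in 2,048-byte pages

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); the same call both encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def page_key(master: int, page_no: int) -> bytes:
    # Hypothetical: the text gives "a 32-bit key per 2K page" but not how Jet
    # derives it; mixing the page number into a constructed master value is ours.
    return struct.pack("<I", (master ^ (page_no * 0x9E3779B1)) & 0xFFFFFFFF)

def crypt_pages(image: bytes, master: int) -> bytes:
    """Encrypt or decrypt a file image one independent 2,048-byte page at a time."""
    if len(image) % PAGE_SIZE:
        raise ValueError("a Jet file is a whole number of pages")
    return b"".join(rc4(page_key(master, n), image[o:o + PAGE_SIZE])
                    for n, o in enumerate(range(0, len(image), PAGE_SIZE)))

def sample_image(pages: int = 4) -> bytes:
    """Constructed stand-in for an unencrypted .mdb: repetitive text records."""
    record = b"Customer;Redmond;WA;Contoso Ltd;Active;"
    return (record * (PAGE_SIZE // len(record) + 1))[:PAGE_SIZE] * pages

def demo(master: int = 0x5EC0DE11) -> dict:
    """Round trip, page independence, and why encrypted files don't compress."""
    image = sample_image()
    enc = crypt_pages(image, master)
    damaged = bytearray(enc)
    damaged[PAGE_SIZE + 5] ^= 0xFF  # corrupt one byte inside page 1 only
    dec = crypt_pages(bytes(damaged), master)
    return {
        "roundtrip": crypt_pages(enc, master) == image,
        "identical_pages_differ": enc[:PAGE_SIZE] != enc[PAGE_SIZE:2 * PAGE_SIZE],
        "damage_stays_in_page": dec[:PAGE_SIZE] == image[:PAGE_SIZE]
        and dec[2 * PAGE_SIZE:] == image[2 * PAGE_SIZE:],
        "plain_ratio": len(zlib.compress(image, 9)) / len(image),  # far below 1
        "cipher_ratio": len(zlib.compress(enc, 9)) / len(enc),  # about 1.0
    }
```

Because every page gets its own keystream, the four identical plaintext pages encrypt to four different ciphertext pages and a corrupted byte damages only the page it sits in; the compression ratios show the repeated patterns that compression software depends on disappearing once the pages are encrypted.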

See Also For more information about encrypting and decrypting databases, see Chapter 13, “Optimizing Performance.”