Results 1 to 8 of 8
  1. #1
    4 Star Lounger
    Join Date
    Jun 2001
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    security & permission problem (97)

    security & permission problem
    hi,
    I

  2. #2
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security & permission problem (97)

    Arage,
    here I'm back. Sorry, from time to time a have to do something to earn a little bit of money.

    You say you have to enter a second password ? Seems like you have secure your back-end with a different MDW file then that from the Front-end. If so you have to start over the securing of the back-end and this with the same MDW file as your Front-end.

    What is that thing of Open table Passwords ?
    Passwords are stored in the MDW file and never in a MDB file and are not accessible to users. Is this a table you created ? Why ?
    Francois

  3. #3
    4 Star Lounger
    Join Date
    Jun 2001
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security & permission problem (97)

    well Francois,
    when I started by system I had no clue how to use workgroups & security so I went about making my own password form in my front end, this is an important form for me b/c it gives different users different menus based on the ID & password they entered. I use a PASSWORD table in my backend to hold the data. Users should not go into my backend open that table up & view different passwords, but they must have read access to it when they

  4. #4
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security & permission problem (97)

    In My point of view, you will have to remove all your security programing.
    If you want to give users different menus you can do that.
    CurrentUser will give you the name the user use to log in.
    Tis is a sample
    <pre>Select Case CurrentUser
    Case "Arage"
    code to show menu's of arage
    Case "Francois"
    Code to show menu's of Francois
    Case Else
    Code to throw the user out of the application
    End Select
    </pre>

    Even better would be to base your code on groups and see ifthe CurrentUser is member of the group. If a user leave the company or a new user is coming in, the only thing you have to do is remove or add him to a group.
    I don't remember the code to see if a user is member of a group, but a have a look in my mdb's and let you know.
    Francois

  5. #5
    4 Star Lounger
    Join Date
    Jun 2001
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security & permission problem (97)

    that

  6. #6
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security & permission problem (97)

    Actually, it shouldn't be very hard to apply access security to your back-end, and to explicitly not let users see the password table in the back-end. However, they do need to be able to see it in the front-end table enough to get past the login prompt with their legitimate userid and password. Your concerns are why Microsoft chose to put user IDs and passwords in a separate file - the system.mdw file and to encrypt them.

    BTW, there are some OCX controls and DLLs that will let you encrypt the password if you really want to.
    Wendell

  7. #7
    4 Star Lounger
    Join Date
    Jun 2001
    Posts
    531
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security & permission problem (97)

    Wendell,
    I

  8. #8
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security & permission problem (97)

    Probably the most secure way is to write VBA to switch security to the master account in order read the password table and compare it with the one the user has typed in. You could even encrypt the database containing the password table. There is a fairly complete (and lengthy) discussion of this concept in the Access Developers Handbook by Ken Getz, et. al. In order to make sure users can't read your code and decipher the master password, you would need to make the front-end database an MDE.

    The bottom line however, is that that unless you implement the Access security model, a clever user will always be able to read your password table. Doing so isn't very difficult - just use the Security Wizard.
    Wendell

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •