  1. #1
    5 Star Lounger

    Password Generator add-on (Access 2K, Win2KPro, Office 2KPro)

    I am starting a project where I will need to periodically generate and load passwords for a webpage login screen. I think the easiest way to do this would be to set up something in Access that generates a password table as often as I need it. I can just tie it into the login page for verification after re-generating a password list. Ideally, I need a table with 10 rows for 10 divisions and another column to hold the auto-generated password. My people here are asking for something with alphanumeric output. I'd prefer something not completely random or unreadable but first of all, is there a package anyone knows of that can generate the basic table?

    TIA

  2. #2
    Super Moderator jscher2000

    Re: Password Generator add-on (Access 2K, Win2KPro

    I suggest reading this article before unleashing your login page: "Stop SQL Injection Attacks Before They Stop You" in the September 2004 issue of MSDN Magazine. The sidebar "Injection Testing" might help, too.

  3. #3
    5 Star Lounger

    Re: Password Generator add-on (Access 2K, Win2KPro

    Thanks for the tips on SQL injection hacks. I've been thinking about one potential problem in my setup, viz., the login account has dbo-level access, which is not a good idea. Unfortunately, the person who is maintaining the SQL Server is not that knowledgeable about SQL accounts, so it will take some thought and testing to get a better account setup for the basic connection to give Read and Update privileges to specific tables in the server. I would like to create and use an account that allows the user to read a table, write/update to a table and, just to give myself flexibility, the ability to create and write to a TEMP table.

    The point about applying validation to login/password textboxes is interesting because, if I know what input is expected (i.e., the length and chars of each field), it will be easy to filter out input that is not going to work. This will not only prevent hacks that require a lot of characters to work but will also stop unnecessary db connections from occurring. In my particular project for login/password, the website is on an intranet and is not even going to be advertised beyond a select group of people in the company, and I'm not expecting the people here to do stuff like try to launch SQL injection attacks. OTOH, I have another large project that is open to the public and could definitely be vulnerable. I think I can tighten things up significantly by giving access to the SQL Server on a limited-privileges account first, then look into other filtering strategies after that.

    As far as the original question I posted, I have already written a VBA module in Access that generates passwords and it works fine, so the original question is no longer relevant.

    Thanks, tho, for the info/tips!
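
The validation idea from post #3, as an added example that is not part of the thread: input is checked against the expected length and character set before any query runs, and the query that does run binds its input as a parameter. Python with sqlite3 stands in for the SQL Server back end; the table name, field rules and sample rows are constructed assumptions.

```python
import hmac
import re
import sqlite3

# Assumed field rules (not from the thread): division codes are 2-10 letters/digits,
# passwords are 8-16 letters/digits, matching an alphanumeric generator.
DIVISION_RE = re.compile(r"[A-Za-z0-9]{2,10}")
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{8,16}")


def make_db():
    """Constructed sample table: one row per division with its generated password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE division_login (division TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO division_login VALUES (?, ?)",
                   [("SALES", "blue42Kite"), ("HR", "red7Maple9")])
    return db


class LoginChecker:
    def __init__(self, db):
        self.db = db
        self.queries_run = 0  # counts how often the database is actually touched

    def check(self, division, password):
        # Step 1: allow-list validation. Anything outside the expected length and
        # character set is rejected before a query is ever built or sent.
        if not (DIVISION_RE.fullmatch(division) and PASSWORD_RE.fullmatch(password)):
            return False
        # Step 2: parameterized query. Input is bound as data, never spliced into
        # the SQL text, so it stays safe even if the rules above are loosened later.
        self.queries_run += 1
        row = self.db.execute(
            "SELECT password FROM division_login WHERE division = ?", (division,)
        ).fetchone()
        # Constant-time comparison of the stored and supplied values.
        return row is not None and hmac.compare_digest(row[0], password)


if __name__ == "__main__":
    checker = LoginChecker(make_db())
    print(checker.check("SALES", "blue42Kite"))   # well-formed, correct password
    print(checker.check("SALES", "' OR '1'='1"))  # malformed, never reaches the db
    print(checker.queries_run)
```

The `queries_run` counter makes the second benefit from the post visible: malformed input costs no database round trip.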
