Results 1 to 15 of 15
  1. #1
    Join Date
    Oct 2006
    Location
    New Kensington, PA
    Posts
    17

    Unanswered: Is it possible to Password protect a single form in an Access project?

    The project should be open to everybody except the "Maintenance Area" where all the lookup tables reside. Can this area be password protected from a main menu (form) with out setting up an entire usergroup/user/pw for the entire database. This application is used internally they but don't want to maintain userid's/passwords. The administrator will supply a id/pw that should remain static. Any thoughts?

  2. #2
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    When you say Access project are you really referring to using MSSQL as a backend, or are you entirely within Access? The strategies available differ wildly depending on your intended meaning...
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  3. #3
    Join Date
    Oct 2006
    Location
    New Kensington, PA
    Posts
    17
    This project is straight Access and there is no MSSQL in house.

  4. #4
    Join Date
    Sep 2003
    Location
    MI
    Posts
    3,713
    Yes it is possible. You can make a form to accept and verify the password ... Invoke this password form from the form to be protected. If the password is incorrect, you can do whatever you want ...
    Back to Access ... ADO is not the way to go for speed ...

  5. #5
    Join Date
    Jun 2005
    Location
    Richmond, Virginia USA
    Posts
    2,763
    Provided Answers: 19
    You might want to take a look here:

    http://www.databasedev.co.uk/button_security.html
    Hope this helps!

    The problem with making anything foolproof...is that fools are so darn ingenious!

    All posts/responses based on Access 2003/2007

  6. #6
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    if you use the example code from Missinlinq's link

    get a freebie hex editor from the net and search for
    'assword'
    in the MDB or
    61 00 73 00 73 00 77 00 6F 00 72 00 64
    in the MDE

    you see what is shown in the .GIF below.

    does a password-embedded-in-a-form approach provide you with the security you need? your decision.

    izy
    Attached Thumbnails Attached Thumbnails secure.gif  
    currently using SS 2008R2

  7. #7
    Join Date
    Jun 2005
    Location
    Richmond, Virginia USA
    Posts
    2,763
    Provided Answers: 19
    Come on, Izy! You're beginning to sound like the Department of Homeland Security! All security needs to be based on what you're securing and who you're securing it from! One of the design gurus, Theo Mandel maybe, made the comment the other day that programmers need to remember that they're not designing apps for other programmers to use, but rather apps for the everyday person to use! The average end user wouldn't know a hex editor from a hex screwdriver! And as most of us here know, any security scheme man can devise can be circumvented by man!
    Hope this helps!

    The problem with making anything foolproof...is that fools are so darn ingenious!

    All posts/responses based on Access 2003/2007

  8. #8
    Join Date
    Sep 2003
    Location
    MI
    Posts
    3,713
    Quote Originally Posted by Missinglinq
    Come on, Izy! You're beginning to sound like the Department of Homeland Security! All security needs to be based on what you're securing and who you're securing it from! One of the design gurus, Theo Mandel maybe, made the comment the other day that programmers need to remember that they're not designing apps for other programmers to use, but rather apps for the everyday person to use! The average end user wouldn't know a hex editor from a hex screwdriver! And as most of us here know, any security scheme man can devise can be circumvented by man!
    Iz's comment isn't particularly evil ... Just an observation on a hradcoded pwd ... Now, what I DO IS EVIL ... And it too is a hardcoded pwd but, an evil one ... Wanna know what and how?
    Back to Access ... ADO is not the way to go for speed ...

  9. #9
    Join Date
    Oct 2006
    Location
    New Kensington, PA
    Posts
    17
    You got me interested in an Evil way!

  10. #10
    Join Date
    Sep 2003
    Location
    MI
    Posts
    3,713
    Quote Originally Posted by LBorowiec
    You got me interested in an Evil way!
    Ok ... I have posted on this before ... But again:

    Make a variable for your password.
    Seed this variable with your password. VERY IMPORTANT: Make the password something that is not a word Ex: W4fd9Ou7nnGq

    Here's the EVIL part: Surround the password (or even break up the password into parts) with garbage characters and words:

    4890tyuoeriyu49849eoiu498yupgerW4fd9Ou7nnGqdflkghj ro;y58yo9geori5oiuorgGomerDoofusBachHandelGrigBeet hovenGrimaldiIzyRiderTeddyLanceArmstrong

    Now, where and what is that password???? Positively EVIL.

    What you do is write an extraction routine to pull the password from that string to do your check with ... With a suitably long password and an embedded field to pick from, any hacker will be an old man before cracking it ...

    Oh, and I insist on my passwords being 10 or more digits long.
    Back to Access ... ADO is not the way to go for speed ...

  11. #11
    Join Date
    Dec 2004
    Location
    Madison, WI
    Posts
    3,926

    Password

    Does this attachment help in any way?
    Attached Files Attached Files
    Expert Database Programming
    MSAccess since 1.0, SQL Server since 6.5, Visual Basic (5.0, 6.0)

  12. #12
    Join Date
    Sep 2003
    Location
    MI
    Posts
    3,713
    P.S. the words at the end are teasers to throw off would be violators ...
    Back to Access ... ADO is not the way to go for speed ...

  13. #13
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    Have you people never heard of one way encryption? Store a hash in hard code if you MUST store something hard coded...
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  14. #14
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    i'm not knocking hard-coded plaintext passwords. i wanted to illustrate that they are vulnerable to an attack that doesn't require extraordinary skills. they can be a valid choice if they meet your security requirements.

    enough security is, by definition, enough.

    Mike's suggestion is a big improvement (though on it's own it doesn't stop a user sharing the password with the unGodly).

    i use hash(NetLoginName & Password & SaltDerivedFromMDE). NSA can walk in whenever they want. Normal folk cannot.

    izy
    currently using SS 2008R2

  15. #15
    Join Date
    Sep 2003
    Location
    MI
    Posts
    3,713
    Quote Originally Posted by izyrider
    i'm not knocking hard-coded plaintext passwords. i wanted to illustrate that they are vulnerable to an attack that doesn't require extraordinary skills. they can be a valid choice if they meet your security requirements.

    enough security is, by definition, enough.

    Mike's suggestion is a big improvement (though on it's own it doesn't stop a user sharing the password with the unGodly).

    i use hash(NetLoginName & Password & SaltDerivedFromMDE). NSA can walk in whenever they want. Normal folk cannot.

    izy
    And we both know that what I explained won't stop an even half-hearted attempt to crack the pwd ... It will slow them down a little bit just from the sheer possibilities ... And no pwd is safe when it's shared ...
    Back to Access ... ADO is not the way to go for speed ...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •