Results 1 to 5 of 5

Thread: Basic Security

  1. #1
    Join Date
    Feb 2004
    Posts
    59

    Cool Basic Security

    Hi Everyone-

    Okay, so this might be an odd question... I've checked out the security FAQs on multiple bulletin boards and heres what I need to figure out.

    If I want SIMPLE security for my database, can I create a username and password field in a hidden table? Then, can I use those passwords to let people into the system. Everyone will have the same rights, the only thing that I want to distinguish is that each "user" can only change his/her password (and not others)... Does this make sense?

    Any ideas on coding for this?

    Thanks everyone!
    -Matt H-
    www.comperfection.com

  2. #2
    Join Date
    Sep 2003
    Location
    Cincinnati, Oh USA
    Posts
    203

    Re: Basic Security

    You really need to provide more information. Security can be dependant
    on the aplication, server, intranet, internet and so forth.
    Tell us the app and if it's used in house or across the web, single use at a time mutli user, networked?

    Originally posted by mateo107
    Hi Everyone-

    Okay, so this might be an odd question... I've checked out the security FAQs on multiple bulletin boards and heres what I need to figure out.

    If I want SIMPLE security for my database, can I create a username and password field in a hidden table? Then, can I use those passwords to let people into the system. Everyone will have the same rights, the only thing that I want to distinguish is that each "user" can only change his/her password (and not others)... Does this make sense?

    Any ideas on coding for this?

    Thanks everyone!
    Rick Knight
    KnightShift Office Solutions and Horse Breaking
    VB, VBA, FileMaker, Access Solutions, Web Solutions

  3. #3
    Join Date
    Jun 2003
    Location
    USA
    Posts
    1,032
    Okay, so this might be an odd question... I've checked out the security FAQs on multiple bulletin boards and heres what I need to figure out.

    If I want SIMPLE security for my database, can I create a username and password field in a hidden table? Then, can I use those passwords to let people into the system. Everyone will have the same rights, the only thing that I want to distinguish is that each "user" can only change his/her password (and not others)... Does this make sense?
    Don't know if you're thinking about putting the database on the Web but if so your plan looks fine to me.

    And here's something quick I wrote about the concept for ASP pages:

    ASP Design Tips - Login Page
    http://www.bullschmidt.com/devtip-loginpage.asp
    J. Paul Schmidt, Freelance Web and Database Developer
    www.Bullschmidt.com
    Access Database Sample, Web Database Sample, ASP Design Tips

  4. #4
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    I'd suggest not storing the password in plain text.

    A simple solution is to concatenate the user name with the password (optionally forcing upper or lower case if you want the password to be case-insensitive), then computing the CRC. This is small, quick, and very hard to break. It allows you to use an ordinary table instead of having to "hide it behind the curtains" to prevent a security breach. A CRC can be broken by brute force (it is expecially vulnerable to dictionary based attacks), but if you keep the details of just which attributes you use to salt the CRC a secret it becomes very tough to break.

    When you create a new user, just pass their password through your CRC routine and store the result. When the user logs back in, pass their password back through the CRC routine and compare the new CRC with the CRC value stored in the table.

    -PatP

  5. #5
    Join Date
    Jun 2003
    Location
    USA
    Posts
    1,032
    Yes, encryption can definitely make the security more enhanced.
    J. Paul Schmidt, Freelance Web and Database Developer
    www.Bullschmidt.com
    Access Database Sample, Web Database Sample, ASP Design Tips

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •