Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > visual basic .net > answers

How To Create Login Password Protected Database

clusardi2k@aol.com
Guest
  
Posts: n/a
#1: May 2 '06
Hello again,

I have to go home and read up on Access.

But, I have read else-where in this newsgroup that I can just save the
password in the database under scrutiny.

Wouldn't it be wasteful to create a password column for all database
entries?

E.G.:

Entry 1: password field1 ... fieldn
....
Entry M:password field1 ... fieldn

Note: For security reasons (unless I have to), I do not want to
hardcode passwords in VB 8, or save encryted passwords in a text file..

Thanks,
Christopher Lusardi
AMDRIT
Guest
  
Posts: n/a
#2: May 2 '06

re: How To Create Login Password Protected Database

Access supports workgroup security files. This allows you to create users,
groups and assign security to the database objects even at the field level.
Once the workgroup file is setup, you can then provide a simple interface in
your application to prompt the user for the login information. The security
will be much like that of SQL or Oracle once implemented.

Have a look at
http://office.microsoft.com/en-us/as...704101033.aspx


<clusardi2k@aol.com> wrote in message
news:1146595429.398482.20170@g10g2000cwb.googlegro ups.com...[color=blue]
> Hello again,
>
> I have to go home and read up on Access.
>
> But, I have read else-where in this newsgroup that I can just save the
> password in the database under scrutiny.
>
> Wouldn't it be wasteful to create a password column for all database
> entries?
>
> E.G.:
>
> Entry 1: password field1 ... fieldn
> ...
> Entry M:password field1 ... fieldn
>
> Note: For security reasons (unless I have to), I do not want to
> hardcode passwords in VB 8, or save encryted passwords in a text file..
>
> Thanks,
> Christopher Lusardi
>[/color]
AverageUser
Guest
  
Posts: n/a
#3: May 2 '06

re: How To Create Login Password Protected Database

IMHO, the security on Access is very weak because the security file can be
deleted and the database can be exposed to anyone.

"AMDRIT" wrote:
[color=blue]
> Access supports workgroup security files. This allows you to create users,
> groups and assign security to the database objects even at the field level.
> Once the workgroup file is setup, you can then provide a simple interface in
> your application to prompt the user for the login information. The security
> will be much like that of SQL or Oracle once implemented.
>
> Have a look at
> http://office.microsoft.com/en-us/as...704101033.aspx
>
>
> <clusardi2k@aol.com> wrote in message
> news:1146595429.398482.20170@g10g2000cwb.googlegro ups.com...[color=green]
> > Hello again,
> >
> > I have to go home and read up on Access.
> >
> > But, I have read else-where in this newsgroup that I can just save the
> > password in the database under scrutiny.
> >
> > Wouldn't it be wasteful to create a password column for all database
> > entries?
> >
> > E.G.:
> >
> > Entry 1: password field1 ... fieldn
> > ...
> > Entry M:password field1 ... fieldn
> >
> > Note: For security reasons (unless I have to), I do not want to
> > hardcode passwords in VB 8, or save encryted passwords in a text file..
> >
> > Thanks,
> > Christopher Lusardi
> >[/color]
>
>
>[/color]
clusardi2k@aol.com
Guest
  
Posts: n/a
#4: May 3 '06

re: How To Create Login Password Protected Database


AverageUser wrote:[color=blue]
> IMHO, the security on Access is very weak because the security file can be
> deleted and the database can be exposed to anyone.[/color]

What can I do about this? If I throw away VB and use Access directly
would that be better, or should I use something such as Oracle?

Thank you,
Christopher Lusardi
AMDRIT
Guest
  
Posts: n/a
#5: May 3 '06

re: How To Create Login Password Protected Database

Every lock has a lockpick. Access' security file is good enough. LAN
deployments are reasonably safe, just like pending deposits your accountants
manage. It would be more secure than a CSV file. If you are that concerned
about the security, create a webservice or remoting service and put the
server in a NOC, or move to a major RDBMS.

I don't think that security should be the main focus with Access. Rather,
file locks on Novell servers, or data contention and disaster recovery
should be the main focus.

More about that security file. If you attempt to open the MDB without the
security file, you will recieve an error. The only way I suppose you could
bypass the security file, is to modify the header of the database itself.
Absense of the security file is the same as absense of your key on the way
back from vacation; there may be another way in, most people wont try it.

"AverageUser" <AverageUser@discussions.microsoft.com> wrote in message
news:29161250-4C8E-4381-BFE4-FE5F390501F2@microsoft.com...[color=blue]
> IMHO, the security on Access is very weak because the security file can be
> deleted and the database can be exposed to anyone.
>
> "AMDRIT" wrote:
>[color=green]
>> Access supports workgroup security files. This allows you to create
>> users,
>> groups and assign security to the database objects even at the field
>> level.
>> Once the workgroup file is setup, you can then provide a simple interface
>> in
>> your application to prompt the user for the login information. The
>> security
>> will be much like that of SQL or Oracle once implemented.
>>
>> Have a look at
>> http://office.microsoft.com/en-us/as...704101033.aspx
>>
>>
>> <clusardi2k@aol.com> wrote in message
>> news:1146595429.398482.20170@g10g2000cwb.googlegro ups.com...[color=darkred]
>> > Hello again,
>> >
>> > I have to go home and read up on Access.
>> >
>> > But, I have read else-where in this newsgroup that I can just save the
>> > password in the database under scrutiny.
>> >
>> > Wouldn't it be wasteful to create a password column for all database
>> > entries?
>> >
>> > E.G.:
>> >
>> > Entry 1: password field1 ... fieldn
>> > ...
>> > Entry M:password field1 ... fieldn
>> >
>> > Note: For security reasons (unless I have to), I do not want to
>> > hardcode passwords in VB 8, or save encryted passwords in a text file..
>> >
>> > Thanks,
>> > Christopher Lusardi
>> >[/color]
>>
>>
>>[/color][/color]
clusardi2k@aol.com
Guest
  
Posts: n/a
#6: May 3 '06

re: How To Create Login Password Protected Database

I think I'll store hashed passwords in a database and keep a backup of
the database.

Chris
Göran Andersson
Guest
  
Posts: n/a
#7: May 3 '06

re: How To Create Login Password Protected Database

What is it that you want to protect, really, and from whom?

clusardi2k@aol.com wrote:[color=blue]
> Hello again,
>
> I have to go home and read up on Access.
>
> But, I have read else-where in this newsgroup that I can just save the
> password in the database under scrutiny.
>
> Wouldn't it be wasteful to create a password column for all database
> entries?
>
> E.G.:
>
> Entry 1: password field1 ... fieldn
> ...
> Entry M:password field1 ... fieldn
>
> Note: For security reasons (unless I have to), I do not want to
> hardcode passwords in VB 8, or save encryted passwords in a text file..
>
> Thanks,
> Christopher Lusardi
>[/color]
Closed Thread

« previous question | next question »

Similar Visual Basic .NET bytes

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,295 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved