Tom van Stiphout <no************ *@cox.net> wrote in message news:<2b******* *************** **********@4ax. com>...
On 3 Sep 2004 05:29:56 -0700, gr**********@ho tmail.com (Chris) wrote:
Security is an advanced topic. Download, study, and fully understand
the Access Security FAQ from microsoft.com. Among other things you'll
learn about RWOP queries. You should replace DLookup with a RWOP
query.
Alternatively you can store the authorization codes in encrypted form,
and decrypt them in code. Your code is compiled to MDE (right?) so
users can't inspect your algorithm.
-Tom.
I have a lookup table which contains authorisation codes for a
particular operation.
When a user makes a booking a random reference number is generated.
The user obtains the code from his/her supervisor and inputs it to
allow the operation to continue. In VBA the authorisation is checked
(DLookUp) for validity.
I have activated full security but find that obviously DLookup will
only work if there is read permission for the table. But this means
that users can potentially open the table and observe the contents.
How can I avoid this?
Many thanks for any help.
Thanks for your help, Tom. I like to think that I know Access Security
quite well having written a fair number of databases over the years
which utilise it, and secfaq.doc has been resident on my PC for some
while. I did know about RWOP but this has no advantage in my situation
over DLookUp.
My requirement was/is to prevent certain users from being able to read
a lookup table containing authorisation codes, but at the same time
via code to be able to verify a code which that user has just input.
There are other ways to achieve the same result, one being to
calculate the auth code then and there using predetermined formulae
(in code), or else to hide the lookup table from view by using the
Usys prefix.
If anyone has any better suggestions, I'd be delighted to hear them.
Many thanks
Chris
