By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,106 Members | 2,679 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,106 IT Pros & Developers. It's quick & easy.

OK button VB codes in login form

P: 3
I have created the following tables:
tbl_users- username, userlogin, usersecurity & password fields
tbl_security- secid & securitylevel (1 for admin & 2 for users)
i have also created a login form with OK & Cancel buttons.
i have two text box in the login form:
1. login
2. Password
i want the following actions:
1. if either the login or password is typed wrongly a message is display.
2. if both are correct, then user can access specific forms, depending on the security level set for each. for Admin (1) access to say "switchboard" is granted & for user (2) access is grated to say "customer table".
3. after the login, the login form should be closed.
Oct 31 '17 #1

✓ answered by NeoPa

That wasn't a criticism of your question per se DUMS. I removed a post that answered your question in such a way as to leave you, and anyone using a system designed that way, exposed to severe criticism.

In the current climate security is a very important issue. Anyone storing passwords at whatever level has a responsibility to keep them very safe - as they may be a window into very much more than just your system.

It is a great deal safer for you, and anyone considering putting your own security process in place, to use a system already designed and available to you. One example is to get the UserName from the local security context (whether that be Domain or PC level) and allow/deny based on that. The Account used is easy to get (Function to Return UserName (NT Login) of Current User). Groups less so but can be done. My systems work this way. No passwords stored. I just get the account name and check for certain group memberships. For the account name to be available the user has already proven their bona fides by logging on in the first place.

If you create a basic system that stores passwords and someone breaks into that and steals the stored passwords then you can be found to be criminally negligent and hit with severe punitive damages. Most don't appreciate just how dangerous an area this is - and it's increasingly so as time goes on. This isn't going to go away.

So, beware what you ask for. You have been warned.

PS. Yes. Your question was asked well. You were just unlucky to stumble over an area of such importance and sensitivity that I was obliged to intervene (The last thing I wanted to do was delete a post from my good friend ADezii. He's been contributing on this site even longer than I have).

Share this Question
Share on Google+
4 Replies


NeoPa
Expert Mod 15k+
P: 31,494
I'm a little surprised to see a solution suggested that has passwords stored and compared in the raw. That's a dangerous and irresponsible approach when you consider how many people use the same passwords for multiple systems. Yours could be the unlocked door that allows someone, without even any hacking skills, to take over someone's identity and ruin their life. I suggest that serious consideration be given before using any such system.

Sorry for expressing this so strongly, but this is a very serious issue and we at Bytes.com must be seen to take it seriously and handle it responsibly.

Someone asking such a question is far better advised to use existing security rather than trying to build their own. MS Domains, and even single systems, have security built in. It makes much better sense to use this than rolling one's own as it were. There are numerous examples of such questions already that are easily found with a little searching.

Unfortunately, there are also examples of routines written for the ones that ask the question instead of considered advice that pertains to their situation. Avoid these unless you want to end up on the wrong side of a big law suit, or even if the idea of causing such damage to someone else is not something you're comfortable with.

There are also articles available on Bytes.com that explain how to encrypt data in such a way that the password cannot be cracked, as well as explaining how best to make the comparison such that the unencrypted text is never stored anywhere.
Nov 1 '17 #2

P: 3
just cannot really comprehend what you trying to come up with.
i have taken my time to simply explain what support i need- regarding codes for a login form.
simply expecting someone to help me along with the necessary code to accomplish the bullets above.
so what sparked up the issue of security breach.
anyway thanks.
cheers!!!
Nov 1 '17 #3

NeoPa
Expert Mod 15k+
P: 31,494
That wasn't a criticism of your question per se DUMS. I removed a post that answered your question in such a way as to leave you, and anyone using a system designed that way, exposed to severe criticism.

In the current climate security is a very important issue. Anyone storing passwords at whatever level has a responsibility to keep them very safe - as they may be a window into very much more than just your system.

It is a great deal safer for you, and anyone considering putting your own security process in place, to use a system already designed and available to you. One example is to get the UserName from the local security context (whether that be Domain or PC level) and allow/deny based on that. The Account used is easy to get (Function to Return UserName (NT Login) of Current User). Groups less so but can be done. My systems work this way. No passwords stored. I just get the account name and check for certain group memberships. For the account name to be available the user has already proven their bona fides by logging on in the first place.

If you create a basic system that stores passwords and someone breaks into that and steals the stored passwords then you can be found to be criminally negligent and hit with severe punitive damages. Most don't appreciate just how dangerous an area this is - and it's increasingly so as time goes on. This isn't going to go away.

So, beware what you ask for. You have been warned.

PS. Yes. Your question was asked well. You were just unlucky to stumble over an area of such importance and sensitivity that I was obliged to intervene (The last thing I wanted to do was delete a post from my good friend ADezii. He's been contributing on this site even longer than I have).
Nov 1 '17 #4

P: 16
I have to second Neo's reccomendation of pulling the logged in user. With all the passwords we are required to remember in today's realm - it's easier to use the measures in place already. Another positive aspect is you don't have to worry about lockouts and it takes a more "savy" explorer to figure out how to change permissions.
Nov 2 '17 #5

Post your reply

Sign in to post your reply or Sign up for a free account.