By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,490 Members | 1,398 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,490 IT Pros & Developers. It's quick & easy.

Restrict a Form using a Password with Asterixes

P: 4
Hi....i have a form i'd like to restrict to certain users. Can i create another form with a password textbox which, after a password is entered correctly, takes the user to the restricted form ?

Thanks
1 Week Ago #1
Share this Question
Share on Google+
9 Replies


twinnyfo
Expert Mod 2.5K+
P: 3,282
Pol53,

Welcome to Bytes!

Rule #1: Avoid using passwords in Access.

Try looking into this Article on User Permissions within MS Access.

Hope this hepps!
1 Week Ago #2

P: 4
Hi twinnyfo.....thanks for your help. I read (most) of your article and i'm afraid it's about 100 miles over my head. I'm pretty much a novice at this and i was really looking for something simple like a text box and a button to proceed to the form ?
1 Week Ago #3

twinnyfo
Expert Mod 2.5K+
P: 3,282
Well, if this is the route you want to go (I first am assuming that there is nothing terribly protected on this database, you just want to control who can go where, correct?

Then you must somehow manage the users/passwords. Once you can confidently associate a user with a password, then your intermediate form would open up, the user enters their username and password and then goes to the desired form. To use Asterisks instead of showing the Password, you must use the Password Input Mask (it is one of the properties on a text box control). That's about it.

Hope this hepps!
1 Week Ago #4

P: 4
Ok i'll give it a try...thanks again
1 Week Ago #5

NeoPa
Expert Mod 15k+
P: 31,476
Now Twinny has given a perfect answer to your actual question, let me see if I can explain why it is that he earlier tried to warn you against using your current approach for security, and beyond that try to explain how eay it is to use a more robust approach.

Cracking the approach you intend to use is child's play to anyone with any basic understanding of Access. Furthermore, due to the well known tendency of users to use the same password across different systems a system like this could be compromising other, far more important systems used be the same people. If I were looking to crack security to important systems the first thing I'd do is look for a database such as yours to see if the passwords were stored in either plain text or with an easily crackable encryption. That would enable me to get in within minutes instead of potentially taking hours.

That's the bad news. Don't get me wrong - it's serious bad news and could easily hold you liable for a data breach which could result in as little as a job loss - but could also be worse. Luckily though, the solution is relatively straightforward in most circumstances. It also makes usage of your system more seamless and comfortable for the user.

Essentially it works like this :
You run a small and quick-running piece of code (that I'll provide below) which asks Windows the account name of the currently logged-on user. Windows, whether on a domain or even just on a simple PC, is already responsible for determining that you're who you say you are. It knows you're Pol53 (or whatever you use on your system). You've given it the password and that password is hard to crack. If it's cracked then your company has far more to worry about than your system which, after all, is only compromised because it relied on Windows - which everything has to do anyway. No come back on you even in the worst case scenario.

So, all that to describe a very simple call that determines who's using the system. No need to log on again.

All you do now is ensure your database is designed to allow certain users certain access but not others. You can have internal tables that group users together in multiple different ways and simply use the groups for determining who can do what.

You can also determine other things about the logged-on user if you want but let me know if you want that so I can dig it up for you. To start we simply determine the user :
Expand|Select|Wrap|Line Numbers
  1. Private Declare Function GetUserName Lib "advapi32.dll" _
  2.     Alias "GetUserNameA" (ByVal lpBuffer As String, _
  3.                           lpnSize As Long) As Long
  4.  
  5. 'GetLogonName() determines the logon ID of the current user.
  6. Public Function GetLogonName() As String
  7.     Dim lngMax As Long
  8.     Dim strBuffer As String
  9.  
  10.     lngMax = &HFF
  11.     strBuffer = String(lngMax, vbNullChar)
  12.     Call GetUserName(lpBuffer:=strBuffer, lpnSize:=lngMax)
  13.     GetLogonName = Trim(Left(strBuffer, lngMax - 1))
  14. End Function
You must include the declaration at the top of the module in order for it to work in your code.
1 Week Ago #6

NeoPa
Expert Mod 15k+
P: 31,476
I should also mention, as a real afterthought, that such an approach to security is also often seen as impressive by those that use it and those who manage the areas the database is for.

On the other hand, we all understand that sometimes things that are relatively straightforward for us who've been doing such things over many years, can seem very daunting for some that haven't. Go with what you're comfortable with, but do try to understand my earlier post. The hard part's already done for you so it really shouldn't be too complicated to get to grips with.

Good luck whichever way you choose to go.
1 Week Ago #7

P: 4
Hi and thanks for the suggestion. I know the password for a form is very low level but it's just really to prevent some people causing a nuisance. I think i need to get myself familiar with VBA
5 Days Ago #8

twinnyfo
Expert Mod 2.5K+
P: 3,282
Pol53,

Learning VBA is a foundational step in building robust databases. You will be served well by learning as much about it as you can.
5 Days Ago #9

NeoPa
Expert Mod 15k+
P: 31,476
Having a password for a Form is fundamentally different from having passwords for accounts. If it's only the Form you're adding a password to then my earlier warnings are not relevant to your situation.

You should also find that very straightforward but let us know if you get stuck. We're all far happier to help with something when we know it's not likely to get you into trouble. Who wants to be responsible for causing problems?
5 Days Ago #10

Post your reply

Sign in to post your reply or Sign up for a free account.