security & permission problem (97)

Topic

New Reply

security & permission problem
hi,
I

Reply | Quote

Replies

Arage,
here I’m back. Sorry, from time to time a have to do something to earn a little bit of money.

You say you have to enter a second password ? Seems like you have secure your back-end with a different MDW file then that from the Front-end. If so you have to start over the securing of the back-end and this with the same MDW file as your Front-end.

What is that thing of Open table Passwords ?
Passwords are stored in the MDW file and never in a MDB file and are not accessible to users. Is this a table you created ? Why ?

Reply | Quote

well Francois,
when I started by system I had no clue how to use workgroups & security so I went about making my own password form in my front end, this is an important form for me b/c it gives different users different menus based on the ID & password they entered. I use a PASSWORD table in my backend to hold the data. Users should not go into my backend open that table up & view different passwords, but they must have read access to it when they

Reply | Quote

In My point of view, you will have to remove all your security programing.
If you want to give users different menus you can do that.
CurrentUser will give you the name the user use to log in.
Tis is a sample

Select Case CurrentUser
   Case "Arage"
       code to show menu's of arage
   Case "Francois"
      Code to show menu's of Francois
   Case Else 
      Code to throw the user out of the application
End Select

Even better would be to base your code on groups and see ifthe CurrentUser is member of the group. If a user leave the company or a new user is coming in, the only thing you have to do is remove or add him to a group.
I don’t remember the code to see if a user is member of a group, but a have a look in my mdb’s and let you know.

Reply | Quote

that

Reply | Quote

Actually, it shouldn’t be very hard to apply access security to your back-end, and to explicitly not let users see the password table in the back-end. However, they do need to be able to see it in the front-end table enough to get past the login prompt with their legitimate userid and password. Your concerns are why Microsoft chose to put user IDs and passwords in a separate file – the system.mdw file and to encrypt them.

BTW, there are some OCX controls and DLLs that will let you encrypt the password if you really want to.

Reply | Quote

Wendell,
I

Reply | Quote

Probably the most secure way is to write VBA to switch security to the master account in order read the password table and compare it with the one the user has typed in. You could even encrypt the database containing the password table. There is a fairly complete (and lengthy) discussion of this concept in the Access Developers Handbook by Ken Getz, et. al. In order to make sure users can’t read your code and decipher the master password, you would need to make the front-end database an MDE.

The bottom line however, is that that unless you implement the Access security model, a clever user will always be able to read your password table. Doing so isn’t very difficult – just use the Security Wizard.

Reply | Quote