Member Avatar for quintoncoert

i have a form which i have to protect with a password. this form is called from a user form which does not have any passwords on it. which means anyone can access it. in order to accomplish the security i placed a password in an access database but the database itself cannot be password protected since the no-password calling form has to access this database. based on that there is a potential security issue since a person can just open the database and alter the password and then access the form which is supposed to be secure. but i cannot think up a better solution. does anyone have a suggestion?

i thought about encrypting the password before writing it to the database in such a form that if someone wants to change the password in the dbs he would have to first know and apply the encryption but i have little idea of how to do an encryption.

  • 2 Contributors
  • 4 Replies
  • 90 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by quintoncoert

Recommended Answers

All 4 Replies

Member Avatar for Narue

>but i have little idea of how to do an encryption.
So this is your opportunity to learn. Storing a plain-text password anywhere is a really bad idea, so if you want to make claims about security, you need to encrypt it.

Member Avatar for quintoncoert

So this is your opportunity to learn.

i shall learn later. but i did do some sort of encryption. as a child i read puzzle as well as a few spy books so at least i knew secret codes. i applied a few and for now i believe that it was sufficient.

Member Avatar for Narue

>as a child i read puzzle as well as a few spy books so at least i knew secret codes.
Hmm.

>i applied a few and for now i believe that it was sufficient.
Yea, I hope you don't mind that I won't hire you to add security to my software. ;)

Member Avatar for quintoncoert

>i applied a few and for now i believe that it was sufficient.
Yea, I hope you don't mind that I won't hire you to add security to my software. :P

Sa! How easily a sentence shear a septum!

Just kidding! I know... The security is lousy. But all it does is protect a simple configuration file which remembers how some hardware devices connect to one another. If it had been up to me there would have been no password at all but my boss insists. Besides this is a demo only.(which demonstrates the behaviour of the hardware not the security!)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.