UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Encrypted Fe And Custom Log In, Access 2010    
 
   
dzoker
post Nov 4 2018, 03:12 PM
Post#1



Posts: 388
Joined: 12-February 14



HI,

I have a database for which I created a custom user log in form with individual username and pw. But I also would like to encrypt this FE which gets me to a point that the users have to 1st enter the password to decrypt the database and then use the custom form to log in. How do I fix this? is there a way to "skip" the DB password and go straight to my custom log in? Or maybe there ais another way to solve this. Any help is appreciated.

Thank you in advance
Go to the top of the page
 
theDBguy
post Nov 4 2018, 03:23 PM
Post#2


Access Wiki and Forums Moderator
Posts: 73,774
Joined: 19-June 07
From: SunnySandyEggo


Hi,

Do your users belong in a network domain? If so, you can read their username from the network and skip your custom login form. You can keep your custom security table though.

Just my 2 cents...

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
dzoker
post Nov 4 2018, 03:38 PM
Post#3



Posts: 388
Joined: 12-February 14



QUOTE
Do your users belong in a network domain? If so, you can read their username from the network and skip your custom login form. You can keep your custom security table though.

Yes they do and yes I can probably do that. Just to clarify, after loging in I would check their username against the user table and the security level table and give them permissions accordingly?

2nd question is if they know the "master password" and they know how to enable the AlowBypass they can go in the database? How do I prevent this?

Thank you TheDBguy.
Go to the top of the page
 
FrankRuperto
post Nov 4 2018, 04:20 PM
Post#4



Posts: 154
Joined: 21-September 14
From: Tampa Bay, Florida, USA


Take a look at the VBA module ModSecurity and VBA code in form frmValidateUser in the FE, and the table tblUsers in the BE of the attached zip files in my posted UA reply



--------------------
Currently supporting many Pawnshops that use my Management System with Access 2010 on Windows7. Ham Radio addict since 1978.
Go to the top of the page
 
theDBguy
post Nov 4 2018, 05:48 PM
Post#5


Access Wiki and Forums Moderator
Posts: 73,774
Joined: 19-June 07
From: SunnySandyEggo


Hi,

Re: "Just to clarify, after loging in I would check their username against the user table and the security level table and give them permissions accordingly?"

You can do two things: 1. Keep your username and password and add the network username in the security table. Then, after you check the network username, you can use the custom username and password from your table to auto-login the user. All you previous permission assignment routines should still work. Or 2. You could change the custom username with the network username and remove the password requirement. You would then adjust your permission assignment routine using the new username. This shouldn't require too much change in your existing process.

Re: "2nd question is if they know the "master password" and they know how to enable the AlowBypass they can go in the database? How do I prevent this?"

If you have users who are good enough to enable the bypass key, then it would mean you can't stop them from getting into the code. The only way to prevent that is to compile your database into a ACCDE and only let the users use the Runtime version of Access (merely running the ACCDE in runtime mode, either with the /runtime or the ACCDR extension will still not stop them from pausing the code and get into the tables or queries).

Just my 2 cents...

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
dzoker
post Nov 4 2018, 05:49 PM
Post#6



Posts: 388
Joined: 12-February 14



Hi Frank,

Thank you for your answer but this is too advanced for me. I'm afraid I'm not at that level yet.
Go to the top of the page
 
dzoker
post Nov 4 2018, 06:15 PM
Post#7



Posts: 388
Joined: 12-February 14



TheDBguy,

Thank you for the explanation, I think I will keep the password requirement as my users sometime leave themselves logged in (the company policy is 15min to lock the windows session) and another user with lower permission can log in with the already logged in user username and get the access that he or she was not assigned to.

Thank you again, I learn so much from you every time you post!
Go to the top of the page
 
theDBguy
post Nov 4 2018, 06:24 PM
Post#8


Access Wiki and Forums Moderator
Posts: 73,774
Joined: 19-June 07
From: SunnySandyEggo


Hi,

You're welcome. I actually inherited a database with a custom username and password and decided to add the network username to it. Now, users don't need to remember their passwords, which they usually forget anyway, because the system automatically logs them into the system. The old login form is still there, opened in hidden mode because the original developer used the permissions assigned to the user through the login form. So, nothing really change except the user doesn't have to worry about remembering a password to login anymore.

Good luck with your project.

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    20th November 2018 - 12:49 PM