Hey all,
i am developing a switch board and want some secuirty on this switch
board to certain options that are availble to users. For example some
options such as view customers,view stock are open to all users. But i
want some secuirty on certain forms which can be accessable via the
switchboard. For example a prompt screen comes up when certain
options(such as employee details) are clicked asking for a password
for entry. Any information would be very helpful.
The most secure way of controlling access and permissions is to apply
user-level security (a.k.a "workgroup security"). All users then have
to login with username and password when they start your application;
after that, permissions to various objects are automatically controlled
by user or user-group (however you assign them when you secure your
application) without your having to make your own password dialog. You
can also show or hide various controls, if you want, by using code that
checks the current username (returned by the CurrentUser function) or by
checking whether the current user is a member of a particular user
group.
This kind of security *can* be broken, but it's nothing like as easy as
most home-grown security measures.
That said, user-level security is tricky to implement correctly, and
requires that you distribute a workgroup (.mdw) file with your
application. The workgroup file contains the definitions of the users
and groups. To add a new user requires adding the user to the "master"
..mdw file and sending new copies out.
An alternative is to secure things by network user ID. You can get the
network user ID via a call to the Windows API. That's not as secure,
since you have to either hard-code user IDs or maintain a table of them,
which is thus exposed to the world. However, then the user doesn't have
to enter a separate password to use the features of your application --
they logged in to their workstation, and that's enough.
Finally, you can, as you suggested originally, have your own password
form -- or even a simple call to the InputBox function -- to get a user
to enter a password whenever you want to authorize a particular
activity. Then you can check the password entered against either a
hard-coded value or look it up in a table. Either way, the password is
not going to be very secure at all unless you take complicated measures
to encode it, and it may be annoying to the authorized users to be
repeatedly prompted to enter a password as they go about their work.
Sorry, I know I didn't really answer your question, but I thought it a
good idea to make sure you considered the alternatives.
