Database security

G

Guest

I'm doing a system with Access 2000. What I need is the ability to manage
passwords the way the operating systems do. By that I mean:

a) When a new user is set up, or anytime an Admins group member sets/resets
a password, the user is forced to change the password on the next login.

b) I can set rules that every x days passwords must be changed.

c) Passwords can be forced to be strong (e.g. requiring alphas, numerics and
special characters).

Have any of these been implemented in later versions of Access? If so,
which? If not, anybody have any ideas or experience with this?

TIA,

John
 
B

Brendan Reynolds

Security is managed by Jet rather than Access, so that would require a new
version of Jet, and so far as we know no new version of Jet is planned.

While it is possible to work with users and groups programmatically via DAO
or ADOX, I don't believe the object model exposes any method to determine
when a user was created, or when a password was last changed, so you would
have to implement that yourself. If you also wanted to ensue that the user
really did change the password to something different from the old password,
you'd have to store the password as well. That's obviously a security risk,
you'd need to encrypt it.

If this functionality is essential to your application, I suspect that you
and your customers may well be better served in the long term by moving to
SQL Server and integrated security. To reproduce the functionality in Jet
would, I believe, cost at least as much, take at least as long, and probably
would never work as well.

--
Brendan Reynolds (MVP)
http://brenreyn.blogspot.com

The spammers and script-kiddies have succeeded in making it impossible for
me to use a real e-mail address in public newsgroups. E-mail replies to
this post will be deleted without being read. Any e-mail claiming to be
from brenreyn at indigo dot ie that is not digitally signed by me with a
GlobalSign digital certificate is a forgery and should be deleted without
being read. Follow-up questions should in general be posted to the
newsgroup, but if you have a good reason to send me e-mail, you'll find
a useable e-mail address at the URL above.
 
C

Chuck Wood

Hi John,

You can do this using tables and forms.
1. Create a Users table.
- UserName
- Password
- DateCreated
- DateChanged
- IsAdmin (Y/N)
2. Create a SignIn (Logon) form.
3. Create an Admins form.
4. Require that everyone sign in using the SignIn/Logon form.
5. Add one Admin (yourself?) to the Users table.
6. Admins can use the Admins form (after signing in/logging on) to add users
and admins.
7. Have the SignIn/Logon form check the Users table to see if the user has
used the correct password and exit the database if not.

Let me know if you need further details on this.

Chuck Wood
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

security issues 1
Security Wizard Problem 1
Database on networked drive 2
Database Question 1
Workgroup security 2
security exception opening an Access database from an InfoPath form 1
Add myself to the administrators group, open the db exclusively 1
Database Question 2

Top