Is There A Variable Type I can use to Hold a Value Even When theapplication is closed?

[R Tanner]

Hi,

I want to assign the value of the password of the current user to a
variable that will hold the value, even after the program is closed
and reopened. I plan on having a button that will clear out the value
of that variable if the user so wishes. Every time the program is
loaded, the form_open event for my main form can check the value of
this variable and, if it is null, it will require the user to login.
There will be a checkbox there called remember my password. If it is
checked, the value of the password and the username will be assigned
to two separate variables and held for an undetermined amount of time,
regardless of whether the application is closed or not.

What would I be best suited to use to do this?

Thanks.

 

[R Tanner]

I believe a table is probably your best option.








--
RuralGuy (RG for short) aka Allan Bunch MS Access MVP - acXP WinXP Pro
Please post back to this forum so all may benefit.

Message posted viahttp://www.accessmonster.com

Actually, for anyone interested, I wrote the username out to a text
file on the users local drive - a drive not connected to the network.
When the application is loaded, it checks to see if the file exists.
If it does not, it presents the user with the login screen. If it
does exist, it uses the credentials in the text file to log the user
in. Pretty ingenious I think.

 

[John W. Vinson]

Actually, for anyone interested, I wrote the username out to a text
file on the users local drive - a drive not connected to the network.
When the application is loaded, it checks to see if the file exists.
If it does not, it presents the user with the login screen. If it
does exist, it uses the credentials in the text file to log the user
in. Pretty ingenious I think.

It is; but it's also pretty vulnerable if you are trying to keep anyone
dishonest out. All they'd need to do is copy the file to their own computer.
Your only real protection is obfuscation (making the file non-obvious).

 

[R Tanner]

It is; but it's also pretty vulnerable if you are trying to keep anyone
dishonest out. All they'd need to do is copy the file to their own computer.
Your only real protection is obfuscation (making the file non-obvious).

Very true. If anyone knew how i was making the application remember
the password, it would be very easy to tamper with. I am thinking of
a couple of ways I could alleviate this vulnerability:

1. I could set the file's hidden attribute. I am not sure how to
access the shell command in vba though.

2. When the user initially logs in the password is written to the
credentials file. I could have my application verify this is the
correct password for the said user before logging in - a user may be
able to change the name in the file and consequently attempt to login
with the changed credentials, but unless he knows the password of the
user, he will not be able to access the app. There is no way the user
could get the password for another user, so this should work, I think.

 

[John W. Vinson]

Hi,

I want to assign the value of the password of the current user to a
variable that will hold the value, even after the program is closed
and reopened. I plan on having a button that will clear out the value
of that variable if the user so wishes. Every time the program is
loaded, the form_open event for my main form can check the value of
this variable and, if it is null, it will require the user to login.
There will be a checkbox there called remember my password. If it is
checked, the value of the password and the username will be assigned
to two separate variables and held for an undetermined amount of time,
regardless of whether the application is closed or not.

What would I be best suited to use to do this?

Thanks.

"Rolling your own" security system is really tough, and it's very hard to make
any such system both convenient for legitimate users and secure against
intruders. For once I'll agree with Aaron; if you really want to keep your
data secure, keep it in a properly secured client/server database such as
SQL/Server, with an Access frontend. It just depends on who you're trying to
keep out, and how determined and skilled they are; if you're just trying to
keep honest people from stumbling into the wrong place, then you'll be OK.

 

[Clifford Bass]

Hi,

If you really want to store the password securely, you should take a
look at
<http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx#credentials_management_functions>.
It probably would not be easy to implement from VBA since it is all calls
out to DLL functions. But it would keep the password safe/encrypted and only
accessible by the user when the user is logged into the machine. Of course,
if the user leaves his computer unattended without locking it, anyone can
still connect to your database. And of course, if this is an Access 2003 or
earlier password, it really does not protect anything as there are plenty of
Access password discovery programs out there.

Clifford Bass