Password expiration

[Jean-Francois Bouthillier]

Hi all,

I am using Access 2002 workgroup file for security. How
can I give users a flag when it has been more than x days
since they last changed their passsword?

Thank you very much,
Jean-Francois

 

[Douglas J. Steele]

AFAIK, there isn't such a capability in Access.

 

[Graham Mandeno]

Hi Jean-François

As Doug says, this is not built it to Access, but you could have your own
table of users and password change dates, and build your own form for users
to change their password.

The actual code to change a password is quite simple:
DBEngine(0).Users(CurrentUser).NewPassword sOldPwd, sNewPwd

You just need to add error trapping, and a check when the database opens
that it's not time for a change.

--
Good Luck!
Graham Mandeno [Access MVP]
Auckland, New Zealand

Return mail address is invalid in a vain attempt to reduce spam.
Feedback is welcome at: (e-mail address removed)
Please post new questions or followups to newsgroup.

 

[TC]

Hi all,

I am using Access 2002 workgroup file for security. How
can I give users a flag when it has been more than x days
since they last changed their passsword?

You'll need to code it manually. Perhaps something like this (in
pseudo-code):

on system startup:
find user in table;
if not found
add entry with today's date & pw;
else ' found.
see if pw changed;
if yes
update date to today's
else ' pw not changed.
check date difference;
if > limit, issue a warning.
endif
endif

This assumes you have a table containing (for each user):

UserName (primary key)
Password (encrypted)
DateLastChanged

To get a user's encrypted password, do something like this: untested,
cos I don't have Access here to check:

dim db as database, rs as recordset
set db=dbengine.opendatabase(syscmd(acsyscmdgetworkgroupfile))
set rs=db.openrecordset ( _
"select password from msysusers" & _
" where user=""" & currentuser() & """"
debug.print rs![password]
set rs=nothing
set db=nothing

(Note: I'm not sure of the following names. You'll have to check them
out for
yourself:
- "acsyscmdgetworkgroupfile" constant;
- "user" column name.)

As you can see, it's not a job for a beginner. If none of the above
makes any sense to you, you'd be better to say, "This can not readily
be done in Access".

HTH,
TC

 

[TC]

This is simpler than my solution. However, it does not prevent the user from
re-entering his (unchanged) password every 'x' days! To prevent that, you'd
need to store a one-way hash of the new password, in the table, so you could
tell if the password had actually changed, or not.

TC

Hi Jean-François

As Doug says, this is not built it to Access, but you could have your own
table of users and password change dates, and build your own form for users
to change their password.

The actual code to change a password is quite simple:
DBEngine(0).Users(CurrentUser).NewPassword sOldPwd, sNewPwd

You just need to add error trapping, and a check when the database opens
that it's not time for a change.

--
Good Luck!
Graham Mandeno [Access MVP]
Auckland, New Zealand

Return mail address is invalid in a vain attempt to reduce spam.
Feedback is welcome at: (e-mail address removed)
Please post new questions or followups to newsgroup.

Hi all,

I am using Access 2002 workgroup file for security. How
can I give users a flag when it has been more than x days
since they last changed their passsword?

Thank you very much,
Jean-Francois