Solved

Real Database Security

Posted on 1997-07-15
3
174 Views
Last Modified: 2010-04-06
I have an app that uses password protected Paradox tables.  Currently, the user is prompted with a password dialog and I use the AddPassword method to open the tables.  I also give the user the ability to change thier password.

I'm using a table to store three password records (the user password, the administrator password and a reset password) in two fields - UserPassword & SystemPassword.  The password dialog box finds the textbox value in the table's UserPassword field, then assigns the SystemPassword to the session.

The Problem is - this is really dumb!  It works very well, but in terms of security, anyone could open the password table (it's not protected) and get the real passwords.

What is a better way to REALLY secure my application, but still allow the user to change and reset their password (this is why I didn't hard code it).  This is a stand-alone app, so no answers telling me to restrict access to drives, etc.
0
Comment
Question by:d4jaj1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Nuno Alves earned 50 total points
ID: 1338937
A simple way to protect your passwords is to encrypt them.
Once i built an application in paradox that use passwords and what i did was before saving the password in the table i encrypt with a word, for example, if your password lenght is 7, you use a  7 letters word and sum the ascii code of each one to the password, so if someone opens the password table can't understand  the password.
It is not the most secure way to protect the password but it works.
0
 
LVL 3

Author Comment

by:d4jaj1
ID: 1338938
Sounds pretty good but, I don't know how to 'sum the ascii code' in the table.  If I chnage the text somehow, wouldn't my program fail everytime it searched for the password - which is a string?  Can you help?
0
 
LVL 1

Expert Comment

by:Nuno Alves
ID: 1338939
You have access to the passwords table. What you could do is build a little function to read the passwords one by one and sum the ascii code of the word that you selected(use the function ORD to know the ascii code of a letter and then with the sum with CHR function you transform the ascii code in character). Then save the new word.
After, when a user give the password, you encrypt it and then you have the same word that is in the table, so you can compare.
This is what you could do:

     user_pass --> original password
   + pascalpas --> word you selected "pascal"
     ---------    
     erfrgrh23 --> save this in the table    


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question