Real Database Security
Posted on 1997-07-15
I have an app that uses password-protected Paradox tables. Currently, the user is prompted with a password dialog and I use the AddPassword method to open the tables. I also give the user the ability to change their password.
I'm using a table to store three password records (the user password, the administrator password and a reset password) in two fields - UserPassword & SystemPassword. The password dialog box finds the textbox value in the table's UserPassword field, then assigns the SystemPassword to the session.
The problem is - this is really dumb! It works very well, but in terms of security, anyone could open the password table (it's not protected) and get the real passwords.
What is a better way to REALLY secure my application, but still allow the user to change and reset their password (this is why I didn't hard-code it)? This is a stand-alone app, so no answers telling me to restrict access to drives, etc.
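One way to keep the lookup-table design described in the post without leaving readable passwords in the unprotected table, as an added example that is not part of the original post: each record stores the system password wrapped under a key derived from the password the user types. Python stands in for the application's own language; the function names, record layout, iteration count and sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; raise it as far as login latency allows


def _derive(password, salt, length):
    """Derive a 32-byte MAC key plus a one-time pad of `length` bytes."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS, 32 + length)
    return out[:32], out[32:]


def wrap(typed_password, system_password):
    """Build the record stored in the unprotected table (no plaintext in it)."""
    secret = system_password.encode("utf-8")
    salt = os.urandom(16)  # fresh salt per record, so a pad is never reused
    mac_key, pad = _derive(typed_password, salt, len(secret))
    wrapped = bytes(a ^ b for a, b in zip(secret, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(typed_password, record):
    """Return the system password, or None if the typed password is wrong."""
    mac_key, pad = _derive(typed_password, record["salt"], len(record["wrapped"]))
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad)).decode("utf-8")


def change_password(old_password, new_password, record):
    """Re-wrap the same system password under a new typed password."""
    system_password = unwrap(old_password, record)
    if system_password is None:
        return None
    return wrap(new_password, system_password)


if __name__ == "__main__":
    # Constructed sample values: one record per role, as in the post.
    table = {role: wrap(pw, "TABLE-MASTER-PW")
             for role, pw in [("user", "alice-pw"), ("reset", "reset-pw")]}
    print(unwrap("alice-pw", table["user"]))   # value the app would hand to AddPassword
    print(unwrap("guess", table["user"]))      # wrong password yields None
    table["user"] = change_password("alice-pw", "alice-new", table["user"])
    print(unwrap("reset-pw", table["reset"]))  # reset record still opens the tables
```

Anyone who copies the table can still guess typed passwords offline, so the protection rests on the strength of those passwords and the iteration count.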