Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Real Database Security

Posted on 1997-07-15
3
Medium Priority
?
177 Views
Last Modified: 2010-04-06
I have an app that uses password protected Paradox tables.  Currently, the user is prompted with a password dialog and I use the AddPassword method to open the tables.  I also give the user the ability to change thier password.

I'm using a table to store three password records (the user password, the administrator password and a reset password) in two fields - UserPassword & SystemPassword.  The password dialog box finds the textbox value in the table's UserPassword field, then assigns the SystemPassword to the session.

The Problem is - this is really dumb!  It works very well, but in terms of security, anyone could open the password table (it's not protected) and get the real passwords.

What is a better way to REALLY secure my application, but still allow the user to change and reset their password (this is why I didn't hard code it).  This is a stand-alone app, so no answers telling me to restrict access to drives, etc.
0
Comment
Question by:d4jaj1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Nuno Alves earned 200 total points
ID: 1338937
A simple way to protect your passwords is to encrypt them.
Once i built an application in paradox that use passwords and what i did was before saving the password in the table i encrypt with a word, for example, if your password lenght is 7, you use a  7 letters word and sum the ascii code of each one to the password, so if someone opens the password table can't understand  the password.
It is not the most secure way to protect the password but it works.
0
 
LVL 3

Author Comment

by:d4jaj1
ID: 1338938
Sounds pretty good but, I don't know how to 'sum the ascii code' in the table.  If I chnage the text somehow, wouldn't my program fail everytime it searched for the password - which is a string?  Can you help?
0
 
LVL 1

Expert Comment

by:Nuno Alves
ID: 1338939
You have access to the passwords table. What you could do is build a little function to read the passwords one by one and sum the ascii code of the word that you selected(use the function ORD to know the ascii code of a letter and then with the sum with CHR function you transform the ascii code in character). Then save the new word.
After, when a user give the password, you encrypt it and then you have the same word that is in the table, so you can compare.
This is what you could do:

     user_pass --> original password
   + pascalpas --> word you selected "pascal"
     ---------    
     erfrgrh23 --> save this in the table    


0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The uses clause is one of those things that just tends to grow and grow. Most of the time this is in the main form, as it's from this form that all others are called. If you have a big application (including many forms), the uses clause in the in…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question