Solved

Real Database Security

Posted on 1997-07-15
3
161 Views
Last Modified: 2010-04-06
I have an app that uses password protected Paradox tables.  Currently, the user is prompted with a password dialog and I use the AddPassword method to open the tables.  I also give the user the ability to change thier password.

I'm using a table to store three password records (the user password, the administrator password and a reset password) in two fields - UserPassword & SystemPassword.  The password dialog box finds the textbox value in the table's UserPassword field, then assigns the SystemPassword to the session.

The Problem is - this is really dumb!  It works very well, but in terms of security, anyone could open the password table (it's not protected) and get the real passwords.

What is a better way to REALLY secure my application, but still allow the user to change and reset their password (this is why I didn't hard code it).  This is a stand-alone app, so no answers telling me to restrict access to drives, etc.
0
Comment
Question by:d4jaj1
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Nuno Alves earned 50 total points
ID: 1338937
A simple way to protect your passwords is to encrypt them.
Once i built an application in paradox that use passwords and what i did was before saving the password in the table i encrypt with a word, for example, if your password lenght is 7, you use a  7 letters word and sum the ascii code of each one to the password, so if someone opens the password table can't understand  the password.
It is not the most secure way to protect the password but it works.
0
 
LVL 3

Author Comment

by:d4jaj1
ID: 1338938
Sounds pretty good but, I don't know how to 'sum the ascii code' in the table.  If I chnage the text somehow, wouldn't my program fail everytime it searched for the password - which is a string?  Can you help?
0
 
LVL 1

Expert Comment

by:Nuno Alves
ID: 1338939
You have access to the passwords table. What you could do is build a little function to read the passwords one by one and sum the ascii code of the word that you selected(use the function ORD to know the ascii code of a letter and then with the sum with CHR function you transform the ascii code in character). Then save the new word.
After, when a user give the password, you encrypt it and then you have the same word that is in the table, so you can compare.
This is what you could do:

     user_pass --> original password
   + pascalpas --> word you selected "pascal"
     ---------    
     erfrgrh23 --> save this in the table    


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now