Solved

Real Database Security

Posted on 1997-07-15
3
159 Views
Last Modified: 2010-04-06
I have an app that uses password protected Paradox tables.  Currently, the user is prompted with a password dialog and I use the AddPassword method to open the tables.  I also give the user the ability to change thier password.

I'm using a table to store three password records (the user password, the administrator password and a reset password) in two fields - UserPassword & SystemPassword.  The password dialog box finds the textbox value in the table's UserPassword field, then assigns the SystemPassword to the session.

The Problem is - this is really dumb!  It works very well, but in terms of security, anyone could open the password table (it's not protected) and get the real passwords.

What is a better way to REALLY secure my application, but still allow the user to change and reset their password (this is why I didn't hard code it).  This is a stand-alone app, so no answers telling me to restrict access to drives, etc.
0
Comment
Question by:d4jaj1
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Nuno Alves earned 50 total points
Comment Utility
A simple way to protect your passwords is to encrypt them.
Once i built an application in paradox that use passwords and what i did was before saving the password in the table i encrypt with a word, for example, if your password lenght is 7, you use a  7 letters word and sum the ascii code of each one to the password, so if someone opens the password table can't understand  the password.
It is not the most secure way to protect the password but it works.
0
 
LVL 3

Author Comment

by:d4jaj1
Comment Utility
Sounds pretty good but, I don't know how to 'sum the ascii code' in the table.  If I chnage the text somehow, wouldn't my program fail everytime it searched for the password - which is a string?  Can you help?
0
 
LVL 1

Expert Comment

by:Nuno Alves
Comment Utility
You have access to the passwords table. What you could do is build a little function to read the passwords one by one and sum the ascii code of the word that you selected(use the function ORD to know the ascii code of a letter and then with the sum with CHR function you transform the ascii code in character). Then save the new word.
After, when a user give the password, you encrypt it and then you have the same word that is in the table, so you can compare.
This is what you could do:

     user_pass --> original password
   + pascalpas --> word you selected "pascal"
     ---------    
     erfrgrh23 --> save this in the table    


0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now