Solid Access user login form for a database

Frank Freese
Folks,
In searching the web for building a solid login form for multiple users I find myself unsure of what secure login to use? Can anyone point me to an example of creating a login form with username and password? I'm sure I'll build on this question but until I know what to ask I'll wait.
Thanks
Mark Edwards, Chief Technology Officer
Depending on the level of security you need, you can create a table of approved users and put their login username in the table.  When the app opens, have the startup code get the current username from the machine and search the table for it.  If it finds it, they are ok.  If not, then they need to be notified that they are not an approved user and then run the Quit command.

You can also add additional info to the user table for whatever purposes you need.

Of course, you'll need to make sure the users can't freely access the table and monkey with it.
btan, Exec Consultant (Distinguished Expert 2018)
About security, hashing and adding a salt to your password is about the easiest thing you can do. It would still be secure, but for more options I suggest looking at multi-factor authentication and privileged access management solutions, though these are going to add cost; they are solid, though cost effectiveness is for your deliberation.

Coming back, you could do something like this:

User clicks sign up link

Bring up sign up form using SSL

Once user clicks the submit button

Hash password. Add salt. Store in database. Adding a salt to your hashed password will prevent attackers from using a rainbow table to brute force your passwords. Take a look here for functions that take care of hashing passwords.
http://en.wikipedia.org/wiki/Rainbow_table

You could also force users to create a password with specific rules, such as requiring all passwords to be greater than 12 characters, at least one number, etc.

Once the user needs to log in, you can do something similar to:

Get username and sanitize it. Remember to never trust the user's input.

Escape the password to ensure people without an account get access via SQL injection. https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Once all is in place you can query your database to see if there are any rows returned.
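
The sign-up and login steps described in the answer above, as an added example that is not part of the original thread. It is written in Python with an in-memory SQLite table standing in for the Access users table; the table layout, function names and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune for your hardware)


def make_db() -> sqlite3.Connection:
    """Create the (assumed) users table: one random salt and one hash per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    return db


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def sign_up(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Apply the password rules from the post, then store salt and hash."""
    # Rules from the post: more than 12 characters and at least one number.
    if len(password) <= 12 or not any(c.isdigit() for c in password):
        return False
    salt = os.urandom(16)  # fresh per user, so identical passwords hash differently
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                       (username, salt, hash_password(password, salt)))
    except sqlite3.IntegrityError:  # username already taken
        return False
    return True


def log_in(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Look the user up with a bound parameter, then compare hashes in constant time."""
    # The "?" placeholder keeps user input out of the SQL text entirely.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # spend similar time for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))
```
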
Users hate remembering separate logins for each application. It's too complicated and people end up writing their passwords on sticky notes stuck on their monitors.

If allowed, it's easiest to trust Windows' login and assume that if someone breaches that, they're having a lot more problems than your Access App.

Windows can be automatically set to sleep after a certain period of idleness to require logging back in. That's much more of a security issue than an app's login since people can be in your app (after they've logged in) and leave their machine on.

To avoid complicating users' experiences, we've built apps that take the user's Windows login and verify it's in a list of approved users. If so, they are automatically let in.

If not, they are prompted for a login and password, or we can prevent logins completely.

For slightly higher security, we require one successful login with their username, store their success in their registry, and based on that, let them in the future.
Software & Systems Engineer
You can do it in many many ways...
Just present a form with 2 textboxes : Username/password
Depending on your needs this can be filled either automatically/semi automatically ..or manually
As for the secure next...just XOR the values
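Const EncryptionKey As Long = 1233 ' just put a numeric key here, like 1233

' Reverses Encrypt: reads the input in fixed-width groups of decimal digits
' and XORs each group with the key. Assumes every group is exactly as wide
' as the key (true for key 1233 and ASCII input).
Public Function Decrypt(strIn As String) As String
    Dim strChr As String
    Dim i As Integer
    Dim j As Integer
    Dim LengthDecrypt As Integer

    j = 1
    LengthDecrypt = Len(CStr(EncryptionKey))

    ' Integer division (\) so the loop bound is a whole number of groups
    For i = 1 To Len(strIn) \ LengthDecrypt
        strChr = strChr & Chr(CLng(Mid(strIn, j, LengthDecrypt)) Xor EncryptionKey)
        j = j + LengthDecrypt
    Next i
    Decrypt = strChr
End Function

' XORs the character code of each character of the lower-cased input with
' the key and appends the result as decimal digits. Case is not preserved.
Public Function Encrypt(strIn As String) As String
    Dim strChr As String
    Dim i As Integer
    Dim LowerCase As String

    LowerCase = LCase(strIn)
    For i = 1 To Len(strIn)
        strChr = strChr & CStr(Asc(Mid(LowerCase, i, 1)) Xor EncryptionKey)
    Next i
    Encrypt = strChr
End Function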


Thanks folks. John presented me with a coded solution and that's why I went with him. I appreciate everyone's participation.
