[AccessD] Password Generator?

Drew Wutka DWUTKA at marlow.com
Wed Dec 20 11:36:45 CST 2006 

Even though Access User Level security is breakable, it's a better approach
to securing items then the method you've run into.  No need to prompt the
user at each form, the form just checks who's logged into the database.

In a domain network, you could also just embed code to check the user's NT
name.

Drew

-----Original Message-----
From: Mark A Matte [mailto:markamatte at hotmail.com] 
Sent: Wednesday, December 20, 2006 11:26 AM
To: accessd at databaseadvisors.com
Subject: [AccessD] Password Generator?

Hello All,

I was asked to look at an A97 db.  At first glance it was apparently created

by the addressBook wizard. When I found they paid 2 or 3 grand for it about 
6 years ago...kinda made me ill...but anyway.   The I noticed some of the 
forms required a password.  I looked at the tables...and sure enough there 
was tblPassword that had the input mask set to 'Password'...so I switched 
it...and there were the passwords...so I thought...they were all numbers.  I

tried the numbers when opening the forms...but no luck.

Here is another confusing part...the db opens to Switchboard with the db 
window minimized...nothing is locked down...its wide open...why a password?

Anyway...I went to design view...and what I found...really amazed me.  There

are about 16 lines of code that takes whatever you type in...does some Asc()

some MOD some -+/* and loops through all of these calculations to come up 
with a number.  I then realized that the numbers in the password table 
actually matched to a word/phrase/number and case sensitive.

Since there is a single number that was the result of a list of 
calculations...I can't think of anyway to figure out what phrase would match

the existing numbers.  But I can put a phrase in...step through the 
code...see the resulting number...then go put it in the table.

Has anyone seen/done something like this?

Even thought this was 'purchased'(consultant came in and built...still makes

me ill)....there is no documentation...or information related to who wrote 
this code...It should be ok to post here?

Just curious what approaches others use for security.  In and .MDE this 
would be brilliant in my opinion.

Thanks,

Mark A. Matte

_________________________________________________________________
Experience the magic of the holidays. Talk to Santa on Messenger. 
http://clk.atdmt.com/MSN/go/msnnkwme0080000001msn/direct/01/?href=http://ima
gine-windowslive.com/minisites/santabot/default.aspx?locale=en-us

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list