Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Application Security 2

Status
Not open for further replies.
StormbringerX

StormbringerX

Programmer
Dec 14, 2000
102
US
Windows XP
SQLServer2000

Hello again,

We currently have new software written in VB6, Server OS is Windows 2000 server, Database SQLSERVER2000, individual PCs are running XP.

The software has been installed on-site and is running very well, however I need a way to limit access to certain programs and functions. The reason for this is that there are some PCs that will be used by lawyers, etc... and the users don't want them to be able to access certain programs, and they definitely don't need to be able modify or delete data. I know I can handle the modify and deletes through permissions to the database, but does anyone have any methods that allow them to prevent users from executing certain reports, accessing control tables, etc...? I would really like to avoid having to put passwords on each function that might need limited access.

Any help or thoughts is appreciated.

Dave
 
Sort by date Sort by votes
Can you assign an access level to the user when they first log in to the program, then check the access level in the different functions to make sure they have clearance?

In the past, I've used bit masking to check access level for this kind of thing. If you had 8 different access areas (not levels, just areas), then an administrator would have an access number of 255, meaning access to all 8 areas, though I use a higher number to cover more areas being added.

With this method, the administrator would assign access areas depending on the user login. This would take rewriting the program to assign and recognize access areas, though.

Lee
 
Upvote 0 Downvote
I was thinking along similar lines Lee. Let me ask you this, how do you store access levels for the users? By that I mean, do you store it in the Win Registry for that user, or do you hardcode checking for the user name in whatever startup form you use?
 
Upvote 0 Downvote
Store it in your database. It's easy to program and easy for admin to change as required. Registry is tied to a specific machine, do you can't then have roving users.

________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first

'If we're supposed to work in Hex, why have we only got A fingers?'

for steam enthusiasts
 
Upvote 0 Downvote
Very good point. And with that method ANY PC could be designated as any type of user. Cool. Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Auguy
  • Locked
  • Question
Application Has Stopped Working Error
Replies
1
Views
184
Auguy
Auguy
Adonetok
  • Locked
  • Question
Error: The Specified Executable Is Not A Valid Application For This OS
Replies
1
Views
574
jebenson
jebenson
kc27
  • Locked
  • Question
Request For Advice on Editing an Application
Replies
3
Views
201
jebenson
jebenson
LonnieJohnson
  • Locked
  • Question
"Cannot download the application"
Replies
1
Views
184
jebenson
jebenson
SP01
  • Locked
  • Question
How to support Hebrew language in .NET web application
Replies
0
Views
157
SP01
SP01

Part and Inventory Search

Sponsor

Back
Top