Security issues a couple of questions??

[bhoran]

I am looking at setting up User-level security for a database. I have read most of the info from FAQs which has been invaluable, but id still have a couple of other questions.

1. When I set-up the database security it seems to affect all my databases, ie. I now need a login password on all databases even though I have setup logins on only 1 database. Is it possible to have it only affect one database?

2. Is it possible to setup a prompt so that the user will have to change their password when they enter for the 1st time? How do I do this?

Thanks for any help you can provide.

Cheers
bhoran

 

[bhoran]

Ok I get the issue of all databases being affected, it seems I was modifying a WIF and not creating a separate one. Fine however, I have another issue that is related and I have seen some info on it but I am still not sure.

I have a database on the network, it will be accessed by a group of 10 or so users.

However, they could access from any terminal on the network and the MSACCESS application launches from the C drive of the machine.

How do I ensure the users will always be linked to the correct WIF when they open this particular database?

I am struggling a little with these security concepts but I am getting there!

(ques 2 still stands on perviously posted thread)

Cheers
Bhoran

 

[bhoran]

Ok I have now set-up a new workgroup and a shortcut key to in network folder that uses the correct workgroup file however, if the user enters some other way i.e. opens MSAccess and then browses for the database, it defaults to their default and the db is not secured.

The users could use any machine to log on to the database so I need to make sure that whenever and wherever this DB is opened it uses the correct WIF.

Any Takers

Cheers

 

[JeremyNYC]

Bhoran,

Well, if nothing else, it sounds like you're getting to the right answers on your own! Congrats on that.

Once Access is opened, you cannot switch the WIF used for that session, so your users will have to close Access and open your database with your shortcut--no way around that.

If using the default WIF gets you into your database, then you've missed a step and it is not properly secured. It often takes a couple of attempts before you realize which step you've skipped. But go back to a backup you made before attempting to secure it and try again. Once you get it, it will not be possible to open the database except with the WIF you created for this.

As for getting all of your users to always use the correct WIF, it should sit on the server, right next to the database.

As for prompting users to change their passwords...there are a couple of strategies I have used. The one I have settled on lately is to create new user accounts with horrible, and very long passwords. I'll first start an e-mail to the user and type out the user name I'll give the person and then smack at the keyboard until I've created a password something like this:
sad9fjwej2392923995jsdf
Then I create the account and make sure Jet accepts the user and password (which I copy and paste from the e-mail). Once it goes through, I send out the e-mail.

At this point, I'm quite positive the user will heed my advice to change his or her password the first time in the database!

I have also used system where I give users a pwd that matches their user name and then uses a bit of code that checks to see if the user still has that pwd. I dug up the code. I wrote some of it and got some of it off the web, though unfortunately I don't know where I got it. I must say that it's been a long time since I looked at this code, and I'd be hard pressed to explain it all.

ErrorTrap is one of my library functions. You can get that code on my website. BRUsers is a user group in my database. This code was written to be able to check for allusers and just for one user, depending on how it was called.

I'm sure this could be adapted to do what you need, though it would probably take a decent bit of work. Here's the code (watch for line wraps):
Public Function CheckForOriginalPasswords(Optional sTempUser As String = "&quot As String
'(c)Copyright 2/6/01 Jeremy Wallace
On Error GoTo Error
Dim StrUserList As String
Dim iPos As String
Dim NewWorkspace As Workspace

If sTempUser = "" Then
StrUserList = ListUsersOfGroup("BRUsers&quot
Do Until Len(StrUserList) = 0
iPos = InStr(1, StrUserList, vbCrLf)
sTempUser = Left(StrUserList, iPos - 1)
StrUserList = Right(StrUserList, Len(StrUserList) - (iPos + 1)) 'extra character: linefeed
Set NewWorkspace = DBEngine.CreateWorkspace("CheckPassword", sTempUser, sTempUser)
CheckForOriginalPasswords = CheckForOriginalPasswords & vbCrLf & "Old: " & sTempUser
ContinueHere:
Loop
Else
iPos = 1000000
CheckForOriginalPasswords = vbCrLf & "Old"
Set NewWorkspace = DBEngine.CreateWorkspace("CheckPassword", sTempUser, sTempUser)
End If

'get rid of initial CR and LF
CheckForOriginalPasswords = Right(CheckForOriginalPasswords, _
Len(CheckForOriginalPasswords) - 2)
NewWorkspace.Close
Set NewWorkspace = Nothing
Exit Function
Error:
Select Case Err.Number
Case 91 'object or with variable not set--b/c there were no users with old pwds
Resume Next
Case 3029 ' not a valid account or password
'this is what we want
If iPos = 1000000 Then 'came in with a user specified
CheckForOriginalPasswords = vbCrLf & "New"
Resume Next
Else
CheckForOriginalPasswords = CheckForOriginalPasswords & vbCrLf & "New: " & sTempUser
Resume ContinueHere
End If
Case Else
ErrorTrap Err.Number, Err.Description, "CheckForOriginalPasswords"
End Select
End Function

Jeremy

==
Jeremy Wallace
AlphaBet City Dataworks

http://www.ABCDataworks.com

Access Databases for Non-Profit Organizations

Please post in the appropriate forum with a descriptive subject; code and SQL, if referenced; and expected results. See thread181-473997 for more pointers.

 

[bhoran]

Thanks for your input Jeremy I have gone back through the steps and you are right I still had some rights on the User group so people could still get in using their default WIF that has been corrected now - Yay.

The password issue, I like the idea of giving a horrible password 1st up, however my main issue is actually howto allow them to see that password update screen but nothing else. I am using a popup form on 1st screen but I am happy to change that if I can restrict the user so they only have access to the change password prompt. I can do make menu macro but I don't know how to call that (change password) particular function. I have looked at a custom toolbar with the "User and Group Accounts" prompt but it shows all three tabs; "Users", "Groups", "Change User Logon". Although they have npermissions to do anything on the first 2 tabs I would prefer if they did not see it at all.

I tried to work out if you called that functionality in your code but to be honest I don't know that much VB code.

Thanks alot for your time Jeremy I appreciate any help you can give here.

Cheers
bhoran

 

[JeremyNYC]

bhoran,

Here's the code I use to allow a user to change his or her own password. I use a form I built with three text boxes, one for the old pwd and two for the new one. On the click of a button, I call this code, passing in the values of the three text boxes.
Public Function ChangePassword(sOldPwd As String, sPwd1 As String, sPwd2 As String)
'(c)Copyright 2/6/01 Jeremy Wallace
On Error GoTo Error
Dim wsp As Workspace
Dim uUser As User

Set wsp = DBEngine.Workspaces(0)
Set uUser = wsp.Users(currentuser)
If sPwd1 = sPwd2 Then
uUser.NewPassword sOldPwd, sPwd1
DoCmd.Close
Forms!frmSwitchboard.Visible = True
Else
MsgBox "The passwords did not match. Please try again.", vbOKOnly + vbInformation, _
"Data Conflict"
End If
Exit Function
Error:
Select Case Err.Number
Case 3033 'wrong current password

Case Else
ErrorTrap Err.Number, Err.Description, "ChangePassword"
End Select
End Function

You could use code similar to the first stuff I put up to check their original password and if it's the same as the one you assigned, open the password form I just described modally.

I suppose you could also make a table with just one field. Each time you add a user, add a record with the users username in that field. When your application is opened it checks to see if there's a record in your table with the value of CurrentUser(). If so, open the password form. And modify the code here to delete that record if the person successfully changes his or her password.

Jeremy

==
Jeremy Wallace
AlphaBet City Dataworks

http://www.ABCDataworks.com

Access Databases for Non-Profit Organizations

Please post in the appropriate forum with a descriptive subject; code and SQL, if referenced; and expected results. See thread181-473997 for more pointers.

 

[bhoran]

Thaks again Jeremy, but I think this stuff is over my head, I had difficulty just calling the function, then there was a problem defining wsp and uUser.

If it is all easily explained and you have the time and patience I would appreciate it, but if not, what I have for now is working it's just not ideal, therfore I am not too worried.

P.s. I am not a programmer so my VB knowledge is pretty poor.

Cheers