Password Protection

Printable View

Feb 11th, 2001, 03:05 PM
warkers1

I have a program that requires the user to log in. I have done several programs like this, but in those there was only a few users, so i hardcoded the passowrd into a variable. Now i have a ton of users and I want to store the passwords in a database. The only problem is that I am not sure how to access the passwords to check for validation. Any help?

Thanks,
Steve
Feb 11th, 2001, 03:24 PM
ExtremePimpness

The Registry

You could always encrypt them and storethem in the registry. Using the password as the key to the encryption. and store it with the username as the reg key and the encrypted form of it as the value. so it takes the user name and modifies it with the password to see if it got the same answer it got the first time.

Example:

If UCase$(PassText.Text) = DecryptText(GetSetting("MyApp", "Startup", user.text , EncryptText(user.text, pass.text))) Then

and in a modual put:

Option Explicit

#Const CASE_SENSITIVE_PASSWORD = False
Public Function EncryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Encrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c + Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If

EncryptText = strBuff

End Function

'Decrypt text encrypted with EncryptText
Public Function DecryptText(strText As String, ByVal strPwd As String)
Dim i As Integer, c As Integer
Dim strBuff As String

#If Not CASE_SENSITIVE_PASSWORD Then

'Convert password to upper case
'if not case-sensitive
strPwd = UCase$(strPwd)

#End If

'Decrypt string
If Len(strPwd) Then
For i = 1 To Len(strText)
c = Asc(Mid$(strText, i, 1))
c = c - Asc(Mid$(strPwd, (i Mod Len(strPwd)) + 1, 1))
strBuff = strBuff & Chr$(c And &HFF)
Next i
Else
strBuff = strText
End If
DecryptText = strBuff
End Function

To store the passwords use somthing like this:

SaveSetting "MyApp","StartUp",User.text,encrypttext(uster.text,pass.text)
Feb 11th, 2001, 03:34 PM
ExtremePimpness

ian
Feb 11th, 2001, 04:22 PM
kiesmithuk

yes you could use the registry but i wouldnt suggest it because a) anybody could just delete the string! b) they have the crypted password which Could be unencypt c) a database would be better because only the databse could be passworded so no1 can access it and then it can also be encrypted for increased security. then possible to have a backup of this on seperate partition.
Feb 11th, 2001, 04:28 PM
parksie

If you want security an Access database isn't where you find it...

Just something to keep in mind when choosing the DBMS you're going to use :eek:
Feb 11th, 2001, 04:30 PM
kiesmithuk

True :)
Feb 11th, 2001, 04:37 PM
ExtremePimpness

They are right those are much more secure. but that was the only code example i had. i hope it helps you.