Enter user name, enter password, then press enter...

[Guest]

I created a mock login screen for testing. I haven't bothered to make it
actually validate anything for login. I'll get into trying that out later.
However, I was wondering if it is possible to allow users to enter their user
name and password, then have the login button respond to the enter button as
well as a mouse click. Currently, if I type in a user name and password, then
press enter, it just highlights the button, but doesn't press it. Any way to
make it treat the enter button just as any normal login would?

--
Have a nice day!

~Paul
Express Scripts,
Charting the future of pharmacy

 

[Rick B]

Why are you creating a login form?

Access comes with a full security system called User-Level Security. You
cannot create a custom login form if you use ULS. If you try to grow your
own security, you will be wasting a great deal of time reinventing the
wheel. You will also be setting yourself up with a much less secure
database. You will be storing the userids and passwords in a table. What
will prevent your users from simply opening that table?

Also, Why couldn't I simply hold down the SHIFT key while opening your
database and completely bypass your login form?

Use the tools available.

Make a couple of copies, then read (and reread) the links below. You must
follow EVERY step IN ORDER.

--
Rick B



Security FAQ

http://support.microsoft.com/?id=207793



The Security Whitepaper is also worth reading to help you understand.

http://support.microsoft.com/?id=148555



Joan Wild:

www.jmwild.com/AccessSecurity.htm



Lynn Trapp

http://www.ltcomputerdesigns.com/Security.htm

 

[Roger Carlson]

You could "call" the enter button procedure from the AfterUpdate event of
the textbox.

--
--Roger Carlson
Access Database Samples: www.rogersaccesslibrary.com
Want answers to your Access questions in your Email?
Free subscription:
http://peach.ease.lsoft.com/scripts/wa.exe?SUBED1=ACCESS-L

 

[Guest]

If you wanted to disable the shift-bypass, then you could do it following the
instructions here:
http://www.microsoft-accesssolutions.co.uk/disable_shift_bypass.htm

although to be honest, I expect those instructions are available in more
places than that. If you do do that, however, make sure you've got a way of
re-enabling it if a valid system administrator logs in, otherwise you're
making your own life more difficult!

(sorry Rick, but I use my own security also instead of the access one. But
then again I don't expect my security it to be perfect on its own -- if
someone has NT permissions to the file they could still get the data out by
mailmerge or something - but it serves its purpose and I find it easier to
administer than the access built-in security)

 

[Guest]

Set the Default property of the button to Yes

 

[Ron Weiner]

Rick

What do you do when the customer asks that the database login in be the same
username and password as they use to log on to their domain? This IMO is a
reasonable request from the client, as the user has to remember only one
username and password to use all of the stuff that she is permitted to use.
Using Access Security would be an Admin nightmare in this instance if the
database has say 30 users. What if it had 300 users? What if the company
had a policy that passwords had to change every 90 days?

I have implemented this type of security for Access, VB, and Web Based ASP
applications in organizations with hundreds of users using ADSI and LDAP.
In Access databases I also use the "disable the shift-bypass" technique to
prevent the user from getting around my start up code.

In the user table in my database all I need is each users Domain Username.
When I get the Username / Password in my custom login form, I first check to
make sure that the user is in my database then query Active Directory to see
if the Username / Password pair authenticates.

My customers and I see this as a very powerful way to maintain security for
the following reasons.
* Whenever their domain password changes it is immediately reflected in
the database login
* Users are less prone to tape their password to the back of the
keyboard or monitor when they have only one to remember
* Domain Admins can insure that user passwords change every N days for
ALL applications
* The users Password is NOT stored anywhere in the database

Is this technique as secure as the built in Access Security? Probably NOT!
Could a Tech Savvy user beat my system and get to the tables in my database?
YES!!! But, it does provide a reasonable level of security that is easy to
administer.

I believe that anyone who was sufficiently motivated could defeat Access
Security if they had a couple bucks and internet access. Look at what I
found on Google by Googling "Crack Access Security".

http://www.shareup.com/Access_Recovery-download-31557.html
http://lastbit.com/mso/default.asp
http://www.topshareware.com/Access-Recovery-download-36632.htm
http://www.batchconverter.com/RemoveAccessSecurity-download-14170.shtml

The above links were all found on the first page of 1,780,000 hits. Prices
for these utilities ranged from $39.00 to $199.00. I was able to find all
of this stuff in less than a minute. So one has to weigh the risks with the
admin cost, and choose the method that is the best for them.

Ron W

 

[Guest]

Thanks for your help, everybody! I think for the purposes of the databases
needed for my company, I actually will suggest Rick's advice. I think for our
purposes, it would be easier and give us the control we need without more
work than it is worth. Thanks again to everybody, though. I'm still going to
test out all of your advice in case my company would rather do that at some
point.

--
Have a nice day!

~Paul
Express Scripts,
Charting the future of pharmacy