Require users to select a password

  • Thread starter Thread starter BruceM
  • Start date Start date
B

BruceM

I have implemented user-level security. I am just about ready to split,
then deploy the database, but I have questions, and am in need of a
strategy.
I am using a shortcut in the format:
"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "C:\Documents and
Settings\JohnDoe\My Documents\CAR.mdb" /user RecordKeeper /wrkgrp
"C:\Documents and Settings\JohnDoe\Application
Data\Microsoft\Access\SecureDB.mdw"

In my tests I double click on the shortcut icon and see a login box with
RecordKeeper and a space for the password. I can change the user name
manually and log on as others in the workgroup. I can't open the database
file directly. In short, it works as it should.
When I split the database, what do I need to change in the shortcut? The
first part of it will still point to the Access executable, I expect. Will
the second part ("C:\Documents and Settings\JohnDoe\My Documents\CAR.mdb")
point to the backend file, or to the mde front-end file on the local
machine? The last part (the location of the secure mdw file) will be in a
network location, I would think.
Or am I off the mark completely with this approach?

The strategy question is how to force users to enter a password. I can set
them up with a generic password, but I can't let people continue to use that
password. I realize that user-level security is not bulletproof, but it is
quite adequate to our needs provided that real passwords are used. The risk
then is that people will share their passwords, but that is not my problem.
I thought I had asked about this some months ago, as part of another
question, and I thought I had saved the response, hoping that another day I
would understand better, but I can't find it now. Any ideas on how to
implement this? I'm sure it has been covered, but I can't put together a
search string that produces the sought-after information.
 
BruceM said:
I am using a shortcut in the format:
"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "C:\Documents and
Settings\JohnDoe\My Documents\CAR.mdb" /user RecordKeeper /wrkgrp
"C:\Documents and Settings\JohnDoe\Application
Data\Microsoft\Access\SecureDB.mdw"
Click to expand...
When I split the database, what do I need to change in the shortcut?
Click to expand...

First, when you split, don't use the splitter wizard as that will produce an unsecure backend. Instead do it manually. See www.jmwild.com/SplitSecure.htm

Once it is split, the frontend will contain the links to the backend, so there is nothing to change in the shortcut regarding the frontend. This assumes that you put the frontend in the same location on each person's computer. I suggest "C:\Documents and Settings\AllUsers\Application Data\CarData\CAR.mdb". Then you won't have to change it for each computer.

The
first part of it will still point to the Access executable, I expect. Will
the second part ("C:\Documents and Settings\JohnDoe\My Documents\CAR.mdb")
point to the backend file, or to the mde front-end file on the local
machine?
Click to expand...

It points to the mde FE on the local machine.

The last part (the location of the secure mdw file) will be in a
network location, I would think.
Click to expand...

Yes. You can use a UNC pathname for this path "\\servername\share\securedb.mdw"
Not sure you want to include the /user switch, since different people will be logging in with different names?
The strategy question is how to force users to enter a password.
Click to expand...

You can try to open a new workspace, passing CurrentUser() as the username
and "" as the password. If you don't get an error, then the "" password is correct, and they have a
blank password.

Dim ws as Workspace
Set ws = DBEngine.CreateWorkspace("tempws", CurrentUser(),"")
If Err=0 then
'they have a blank password
'open a form for them to change their password
Else
'they don't have a blank password
'do nothing
End If
 
Thanks for the reply and for the information. Regarding the shortcut, my
intention is that each person's computer will have a different shortcut
containing their user name at the user switch. If somebody logs on from a
computer other than their own they can change the user name. I will use UNC
for all network locations.

Not being sure what exactly to do with your suggested code, I put it into
the Open event of a startup form. When the current user had a password I
got error 3029 on the Set ws line, so I used error handling to ignore the
error. In the code below I added a message box to let me know I had reached
the part of the code where a form would open and the user would have to
enter a password.

Private Sub Form_Open(Cancel As Integer)

On Error GoTo Form_Open_Error

Dim ws As Workspace
Set ws = DBEngine.CreateWorkspace("tempws", CurrentUser(), "")

If Err = 0 Then MsgBox "No password"

ProcExit:
Exit Sub

Form_Open_Error:
If Err <> 3029 Then
MsgBox "Error " & Err.Number & " (" & Err.Description & ") " & _
"in Form_Open, Form_frmStartup"
End If
Resume ProcExit

End Sub

This creates the expected result: When there is a password, the form opens.
When it does not, I see the "No password" message. Now comes the part I
don't get, which is how to substitute an action for the "No password"
message. I could have the code open a form, which could have a text box for
the user to enter a password (and another to confirm it), but I haven't been
able to figure out how to associate that new password with the user.

I expect that once I understand how to open a password form I will be able
to ensure that the password is of a certain length. If I could require that
there be, say, at least one number and one non-alphanumeric character, so
much the better, but if that is going to be complex I will leave it alone
for now. The other thing is that I may need to force a password change from
time to time. The administrator could clear the password, but then the user
could just go in and enter the old password. Again, this may be clearer to
me once I see how to set up the initial password form, but I would
appreciate any comments you could make on these points.

I am using a shortcut in the format:
"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "C:\Documents
and
Settings\JohnDoe\My Documents\CAR.mdb" /user RecordKeeper /wrkgrp
"C:\Documents and Settings\JohnDoe\Application
Data\Microsoft\Access\SecureDB.mdw"
Click to expand...
When I split the database, what do I need to change in the shortcut?
Click to expand...

First, when you split, don't use the splitter wizard as that will produce an
unsecure backend. Instead do it manually. See
www.jmwild.com/SplitSecure.htm

Once it is split, the frontend will contain the links to the backend, so
there is nothing to change in the shortcut regarding the frontend. This
assumes that you put the frontend in the same location on each person's
computer. I suggest "C:\Documents and Settings\AllUsers\Application
Data\CarData\CAR.mdb". Then you won't have to change it for each computer.

The
first part of it will still point to the Access executable, I expect.
Will
the second part ("C:\Documents and Settings\JohnDoe\My Documents\CAR.mdb")
point to the backend file, or to the mde front-end file on the local
machine?
Click to expand...

It points to the mde FE on the local machine.

The last part (the location of the secure mdw file) will be in a
network location, I would think.
Click to expand...

Yes. You can use a UNC pathname for this path
"\\servername\share\securedb.mdw"
Not sure you want to include the /user switch, since different people will
be logging in with different names?
The strategy question is how to force users to enter a password.
Click to expand...

You can try to open a new workspace, passing CurrentUser() as the username
and "" as the password. If you don't get an error, then the "" password is
correct, and they have a
blank password.

Dim ws as Workspace
Set ws = DBEngine.CreateWorkspace("tempws", CurrentUser(),"")
If Err=0 then
'they have a blank password
'open a form for them to change their password
Else
'they don't have a blank password
'do nothing
End If
 
BruceM said:
This creates the expected result: When there is a password, the form opens.
When it does not, I see the "No password" message. Now comes the part I
don't get, which is how to substitute an action for the "No password"
message. I could have the code open a form, which could have a text box for
the user to enter a password (and another to confirm it), but I haven't been
able to figure out how to associate that new password with the user.
Click to expand...

Yes, at its simplest: an unbound form with three
textboxes txtUsername, txtPwd, txtConfirmPwd
Add a button with the following in its click event

DbEngine.Workspaces(0).Users(Me!txtUsername).NewPassword Me!txtPwd,
Me!txtConfirmPwd

Look in Help for more details. There is likely code in the security FAQ as
well.
http://support.microsoft.com/?id=207793
 
It turns out there is some code in the Security FAQ, but it is to clear the
password. Upon further study it is the same code as you used, except that
there is some variable declaration going on so it looks different at first
glance. It might have taken some time for me to sort through Help and the
FAQ (and various other documents and links) to find a way to translate it
all into a way to have the users enter a password, so thanks for giving me a
nudge in the right direction.
If I understand NewPassword correctly, the first argument (before the comma)
is the old password, so if the form has opened it means the old password is
an empty string, which should mean I could just use that in the code:

DbEngine.Workspaces(0).Users(Me!txtUsername).NewPassword "",
Me!txtConfirmPwd

I'll do some experimenting, but I think I see how this works. Thanks again.

BruceM said:
This creates the expected result: When there is a password, the form
opens.
When it does not, I see the "No password" message. Now comes the part I
don't get, which is how to substitute an action for the "No password"
message. I could have the code open a form, which could have a text box
for
the user to enter a password (and another to confirm it), but I haven't
been
able to figure out how to associate that new password with the user.
Click to expand...

Yes, at its simplest: an unbound form with three
textboxes txtUsername, txtPwd, txtConfirmPwd
Add a button with the following in its click event

DbEngine.Workspaces(0).Users(Me!txtUsername).NewPassword Me!txtPwd,
Me!txtConfirmPwd

Look in Help for more details. There is likely code in the security FAQ as
well.
http://support.microsoft.com/?id=207793
 
Back
Top