Could we further the security of the DB by creating a hash of the user's password and storing that in the table instead of a clear-text password field? We could then retrieve the hash from the table and compare that hash value to a hash value that was attempted.
I guess a problem I see with this is that the "hacker" could change their password (just as if it was a clear text) to a new password in which they created the hash for. Of course this would be providing that they know the hash algorithm that you're using....
Reply from Richard Rost:
Yes, and yes. :) As I explain in the seminar, this is only "good enough" security for most offices/users. Anybody who really knows Access well can get around it... but you could encrypt the passwords in the table using a hash or some other method. Applying something simple and straightforward like a checksum value to the password would allow you to check for tampering at the table level. Again, like you said, this assumes that nobody knows your algorithm. Honestly, if you need THAT much security, however, you're better off setting up a database server.
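The scheme discussed in this thread, as an added example that is not part of the original posts or the seminar's code: it is written in Python rather than Access VBA, and stores a salted PBKDF2 hash in place of the clear-text password plus a keyed checksum (HMAC) over each row. The function names, row layout, work factor and the key kept outside the table are all assumptions of this example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest); these are stored instead of the clear text."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest


def row_tag(server_key, username, salt, digest):
    """Keyed checksum over the row; needs server_key, not a secret algorithm."""
    msg = "|".join([username.encode("utf-8").hex(), salt.hex(), digest.hex()])
    return hmac.new(server_key, msg.encode("ascii"), hashlib.sha256).digest()


def make_row(server_key, username, password):
    """Build the record for a hypothetical users table."""
    salt, digest = hash_password(password)
    return {"username": username, "salt": salt, "hash": digest,
            "tag": row_tag(server_key, username, salt, digest)}


def check_login(server_key, row, attempt):
    """Return 'ok', 'bad password' or 'tampered row'."""
    expected = row_tag(server_key, row["username"], row["salt"], row["hash"])
    if not hmac.compare_digest(expected, row["tag"]):
        return "tampered row"  # row was edited without the key
    _, digest = hash_password(attempt, row["salt"])
    return "ok" if hmac.compare_digest(digest, row["hash"]) else "bad password"


if __name__ == "__main__":
    key = os.urandom(32)  # constructed key; kept outside the table in practice
    row = make_row(key, "alice", "correct horse")
    print(check_login(key, row, "correct horse"))
    print(check_login(key, row, "wrong guess"))
    # The case raised in the question: the stored hash is overwritten with
    # the hash of a password chosen by whoever edited the table.
    row["salt"], row["hash"] = hash_password("intruder-pw")
    print(check_login(key, row, "intruder-pw"))
```

The tamper check holds only while the key stays out of reach of anyone who can edit the table, which a key stored inside the same Access file would not be.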