user passwords in a visual foxpro application 
Author Message
 user passwords in a visual foxpro application

I have been able to allow users to log in to a visual foxpro application.

My problem is that the user, login and passwords for each user are stored in
a dbf table which does not offer much security since anyone can open a dbf
file and see its contents.

One option I have to increase security for my application is to write
encyrption and decryption procedures for passwords. Example, I would type
4523 as my password but when it is stored on the table it would be DEBC.

This is, however, quite difficult to implement.

Does anyone have any suggestions on this. NOTE: each user must have his/her
own unique password to access the VFP system

thanks is advance



Wed, 17 Jul 2002 03:00:00 GMT  
 user passwords in a visual foxpro application
Hamilton,

You got the right idea but instead of going from NUMERIC to CHARACTER why
don't you implement CHARACTER to NUMERIC.

It is easier for the user to remember words instead of numbers.

Hope this helps
Abel


Quote:
> I have been able to allow users to log in to a visual foxpro application.

> My problem is that the user, login and passwords for each user are stored
in
> a dbf table which does not offer much security since anyone can open a dbf
> file and see its contents.

> One option I have to increase security for my application is to write
> encyrption and decryption procedures for passwords. Example, I would type
> 4523 as my password but when it is stored on the table it would be DEBC.

> This is, however, quite difficult to implement.

> Does anyone have any suggestions on this. NOTE: each user must have
his/her
> own unique password to access the VFP system

> thanks is advance



Fri, 19 Jul 2002 03:00:00 GMT  
 user passwords in a visual foxpro application
I have written many password protected systems.  What I do is to write a
one-way hashing routine and store the hashed result to the database.

When a user tries to log in, his password is hashed and compared to the
hashed password in the database.  This works well that even *I* can't tell
what someone used for a password.  The hashing is one way.  There is no way
to extract the password from the result of the hashing.

One simple method of hashing is to multiply each letter in the password by
some value that is set in the hashing program, then add them together.  More
mathematical tom-foolery can be added.  The resultant number can then be
rounded and stored.

hashedpass = substr(pass, 1, 1) * 123587.23658 ;
           + substr(pass, 2, 1) * 115657.16687 ;
           + substr(pass, 3, 1) * 265774.36558 ;
           + substr(pass, 4, 1) * 351478.23658 ;
           + substr(pass, 5, 1) * 532698.12785 ;
           + substr(pass, 6, 1) * 321587.38541 ;
           + substr(pass, 7, 1) * 725631.26587 ;
           + substr(pass, 8, 1) * 136884.12547

How secure do you want?  With the source, someone could probably come up
with an "unhasher" that will create some kind of a valid output, but it
wouldn't be easy.

You can add more math to the system, use the scientific math functions
(sqrt(), cos(), etc), create several numbers that are all stored, or
whatever you want.

Ray Drouillard


Quote:
> I have been able to allow users to log in to a visual foxpro application.

> My problem is that the user, login and passwords for each user are stored
in
> a dbf table which does not offer much security since anyone can open a dbf
> file and see its contents.

> One option I have to increase security for my application is to write
> encyrption and decryption procedures for passwords. Example, I would type
> 4523 as my password but when it is stored on the table it would be DEBC.

> This is, however, quite difficult to implement.

> Does anyone have any suggestions on this. NOTE: each user must have
his/her
> own unique password to access the VFP system

> thanks is advance



Fri, 26 Jul 2002 03:00:00 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. stored procedure in client/server application for visual foxpro application

2. Controlling Visual FoxPro from a Visual C++ Application

3. 16-bit Visual C++ Application access to Visual FoxPro database

4. Running FoxPro 2.5 Applications under Visual FoxPro

5. User Password Change form

6. user password - managing

7. Visual FoxPro Demo for User Group/Vancouver

8. Using ADSI to find Network User Group in Visual Foxpro 7.0

9. Flordia FoxPro Visual 3.0 ( user club )

10. Visual FoxPro 3.0 MACINTOSH - any users out there

11. Terminal Server, Visual Foxpro, and limiting the amount of users

12. securing passwords in a custom VFP application

 

 
Powered by phpBB® Forum Software