Jim,
We also recommend, with today's issues about security, that you enforce good,
solid standards for passwords and access keys. A couple of other things
that can really make your app shine in this area is to use the built-in
Windows security systems for users and groups. This will take a bit of
work, but once you have it up and running, it does make your application much
easier to administer for users and access rights. One other suggestion
is that you add encryption to your passwords that are stored in the DB.
This will protect not only the system and data, but the individual users.
With encrypted passwords, it becomes extremely hard for someone to obtain a
user's password and use it for unauthorized purposes.
--
Sincerely,
Todd B - CEO - Agendum Software
(608) 837-6736 Voice (419) 821-9599 Fax
> Thanks for the response Joe. I am actually considering your approach. You
> say:
> "...when the program starts , it creates a connection to sql
> server , then pops up a dialog for the user to log in"
> When opening your connection, do you use the same userid/password entry for
> all logins, or do you use one for each user? As I understand it, this
> part is just to establish the connection to the DB while another login
> process determines app functionality.
> Thanks,
> Jim
> > Hi,
> > One idea I can give you is what I have done before. That is, have your app
> > open up a connection to SQL Server, the same for all users, then have a
> > table created with the users privileges, and query the table to return
> > info based on the user. Then set up the front-end program to turn on/off
> > features based on the return of the query.
> > You then only have to build a management form to add records to the table
> > and set the flags for each user.
> > For example, then do a select like: select * from userpriv where user =
> > luser and password = lpassword. You can have columns like
> > user, password, invoice, customerservice, etc., and if the user is found in
> > your table and the invoice bit is true, you enable the invoicing section of
> > your front end, etc.
> > Hope that helps.
> > - Joe -
> > Joe Povilaitis
> > Webmaster
> > www.SQLwarehouse.com
> > > We are migrating an old FoxPro app to VB/SQL Server 7. The original app
> > > uses boolean values stored in a table to enable/disable app functionality
> > > depending on the user. Certain menu options/command buttons would be
> > > enabled or disabled depending on how a user is set up via the
> > > application.
> > > Would I be better off continuing this approach? I was thinking of logging
> > > on to the server with admin privileges (via code) and just letting the
> > > app's (front end) security model handle what can and can't be done to the
> > > database. All database access/changes will be done via stored procedures.
> > > I would appreciate any comments or advice, as well as links to where I can
> > > find more information on this.
> > > Thanks,
> > > Jim
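
The userpriv table Joe describes, combined with Todd's suggestion to protect stored passwords, as an added example that is not part of the original thread or any poster's code. It assumes a salted one-way hash (PBKDF2) in place of reversible encryption, an in-memory SQLite database standing in for SQL Server, and a column named `username`; the function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    # One-way, salted, deliberately slow: the stored value cannot be decrypted.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_db():
    # SQLite stands in for SQL Server; columns follow the thread's userpriv idea.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE userpriv (
                      username        TEXT PRIMARY KEY,
                      salt            BLOB NOT NULL,
                      pwhash          BLOB NOT NULL,
                      invoice         INTEGER NOT NULL DEFAULT 0,
                      customerservice INTEGER NOT NULL DEFAULT 0)""")
    return db

def add_user(db, username, password, invoice=False, customerservice=False):
    salt = os.urandom(16)  # fresh random salt per user
    db.execute("INSERT INTO userpriv VALUES (?, ?, ?, ?, ?)",
               (username, salt, hash_password(password, salt),
                int(invoice), int(customerservice)))

def login(db, username, password):
    """Return the user's feature flags, or None when the login fails."""
    # The password never appears in the query; only the username is bound.
    row = db.execute("SELECT salt, pwhash, invoice, customerservice "
                     "FROM userpriv WHERE username = ?", (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return None
    salt, stored, invoice, customerservice = row
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    return {"invoice": bool(invoice), "customerservice": bool(customerservice)}

if __name__ == "__main__":
    db = open_db()
    add_user(db, "jim", "constructed-sample-pw", invoice=True)  # constructed data
    print(login(db, "jim", "constructed-sample-pw"))
    print(login(db, "jim", "wrong-password"))
```

The front end enables or disables menu options from the returned flags, as in the thread; a `None` result means no features are enabled.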