I have made a password change form. It works. But I know it is not right. Could someone please take a look at it and point me in the right direction?
I have made a password change form. It works. But I know it is not right. Could someone please take a look at it and point me in the right direction?
If you really want someone to look at it, then you need to supply a version that isn't locked down.
You also need to provide user name /password
Otherwise we're just wasting time removing security measures and guessing passwords etc.
I have a security level, user table and user login form. I don't know what you mean other than that.
I will look into version. I knew that was something I needed to figure out also. I am just trying to do this in steps.
I finally realized what you were talking about. The username is Delfina and the password is halibut.
There are a lot of different directions.Code:Could someone please take a look at it and point me in the right direction?
Perhaps describe what you would like do.
Is there an expiration date or event which should trigger the change request?
Case sensitive? Required characters?
The user name / password was obviously helpful but only part of the issue.
I also meant you should provide full menus, remove the custom ribbon etc
As it was I had to spend a couple of minutes doing that myself
To expand on moke's response there are several things you could do including:
a) only allow a set number of password attempts e.g. 3 before closing the database
b) check the case username and password e.g. allow halibut but not Halibut
c) add provision for changing passwords e.g. after specified number of days
I would definitely recommend doing a) at the very least
Most important of all - if possible do NOT store passwords in your database
If you must store the passwords in your database these need to be securely encrypted
Using a password mask is no protection at all
If you want a 'happy boss' (you should understand why I wrote that), you should securely encrypt your passwords so they aren't readable to users
In fact I didn't even need to open your database to determine the usernames & passwords stored
These are clearly visible in any text editor such as Notepad
Recommend you look at my example login form application.
It includes password expiry code and encryption together with additional features
http://www.mendipdatasystems.co.uk/p...gin/4594469149
The code has:
If (TempPass = "password") Then
MsgBox "Please change Password", vbInformation, "New password required"
DoCmd.OpenForm "Change Password", , , "[UserLogin] = " & UserLogin
When they first receive the front end with "password" as the password, I would like for them to be able to change it. But then again I would like for them to be able to change it anytime they feel it is necessary. By the way, thank you for looking at this for me.
OK but that doesn't affect any of the points I made regarding password security
Do have a look at the example I gave - all the code is available and you are free to use it
Apparently I had made that comment before seeing your comment #6. The login form application that you provided is amazing. Much more and above that I had hoped was possible. You are an amazing programmer.
Thanks - its not a particularly complex bit of code but it was tricky to get the logic right
Having said that, in this particular case I was building on the work of another extremely able programmer, David Crake
FYI, I've started work on an enhanced version of that utility with several additional features
That will be available in the near future but there will be a small charge for it.
The free version will continue to be available as well
If you are interested in knowing more, please email me using the link in my signature line
I would definitely be interested and I will send you an email.