Login Form Question

[ittechguy]

I'm thinking about locking down my database and creating a login form.



I was wondering, just how secure is a typical login form? Is it something that can be easily hacked into given enough time?

If so then I'm not sure its worth my time. I think I'd be balancing convenience and ease of use with security and if security isn't great enough, then whats the point?

[June7]

Holding down shift key while opening accdb file will bypass most db option settings as well as code. User has full control and can do whatever they want. There is a way to disable shift key bypass but it is very tricky.

[ranman256]

you can use a login form that uses Windows login authentication, but in a normal database it can be bypassed via shift key.
So you must compile the db into the non edit version.
If the login form closes without login/pass, docmd.quit.

Check against the windows authentication...

Code:

SUB btnLogin_Click()
Dim sUser As String, sPass As String, sDom As String

sUser = txtUser
sPass = txtPass
sDom = txtDom

If WindowsLogin(sUser, sPass, sDom) Then
   mbSafe = True
   DoCmd.OpenForm "frmMainMenu"
   DoCmd.OpenForm "frmLogin"
   DoCmd.Close
Else
   MsgBox "LOGIN INCORRECT", vbCritical, "Bad userid or password"
End If

'-----------------
Public Function WindowsLogin(ByVal strUserName As String, ByVal strpassword As String, ByVal strDomain As String) As Boolean
'-----------------

        'Authenticates user and password entered with Active Directory.

        On Error GoTo IncorrectPassword
        
        Dim oADsObject, oADsNamespace As Object
        Dim strADsPath As String
        
        strADsPath = "WinNT://" & strDomain
        Set oADsObject = GetObject(strADsPath)
        Set oADsNamespace = GetObject("WinNT:")
        Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strDomain & "\" & strUserName, strpassword, 0)
        
        WindowsLogin = True    'ACCESS GRANTED
        
ExitSub:
        Exit Function
        
IncorrectPassword:
        WindowsLogin = False   'ACCESS DENIED
        Resume ExitSub
End Function

[CJ_London]

Depends who you want to secure the db from and from what they might do.

I recommend as a minimum you have data in a back end with a password, disable the navigation window in the front end and supply the front end as a .accde or .mde

Any experienced access user will know ways round this - but it will prevent accidental changes to your db

password protected backend protects the table names, design and contents
hiding the navigation window protects table names, contents and query structure (i.e. changing/deleting/renaming queries, forms/reports)
supplying front end as .accde/.mde protects forms and reports from design changes and any changes to code in forms or modules (otherwise when a form is open, users can select design view)

[NTC]

actually locking down and logging can be 2 different things; log in can sometimes just be so the db knows who is the user - as if maybe you are going to append their ID into records as they enter or edit data.....one can have log ins even for casual dbs that are not particularly locked down......

it is lock down that is layers and a trade off of management hassle versus hack proof. without necessarily knowing who the user is via any sort of log in.... you may want to use the password protection that is part of the product option or at the OS level in terms of permissions

it is quite easy to keep casual users from messing things up as the advice already given will do the job; but if you are worried about tech savvy intent crackers then I'm not sure Microsoft intends for Access to be the solution......