password encoding

[dendog]

Hey everybody;
My problem is I am trying populate a Visual Fox Pro database that contains the feild password. I want the password sent to this feild to be encoded in some way so that the person veiwing the database can not see the password--How can i perform this task by using java code on the password before i send it into the database
Thank you very much for all your help
DENNIS

 

[ChrisRChamberlain]

dendog

Set the .PasswordChar property of the textbox or grid1.column1.text1 to be *

Chris

 

[ramani]

Hi
What Chris said will make the display not visible. But the DBF will contain readable data.

To avoid readable data, I do the fllowing...
The data is accepted and stored in a different way.
Let us say.. the myPassWord is "ABCD1234". Then the data stored is converted by using SYS(2007,myPassWord)
Whenever the data is accepted, I convert it using the same function and then compare that value against the stored one. I never allow the password to be edited again... except that it can be replaced with a new password. Because of this, no one can read it or use it by reading.

Hope this helps.
ramani :-9
(Subramanian.G)
FoxAcc
ramani_g@yahoo.com
LET KNOW IF THIS HELPED. ENOUGH EXPERTS ARE HERE TO HELP YOU OUT! BEST OF LUCK

 

[dgrewe]

Here try these routines I wrote some time way ,way, way, back

http://ibs.internationalbid.net/home/dave/code_html/codein.html

http://ibs.internationalbid.net/home/dave/code_html/codeout.html

store 52 to ccCodeKey (or what every number 1 - 137 you want to use)
lcPassword = "HITHERE"

replace DBF.PASSWORD with codein(lcPassword , ccCodeKey)
? DBF.PASSWORD
? codeout(DBF.PASSWORD , ccCodeKey)

David W. Grewe
Dave@internationalbid.com
ICQ VFP ActiveList #46145644

 

[weedz]

If you really want to encrypt things, check out the BITOR() and alike functions in the MSDN.

HTH, Weedz (Wietze Veld)
My private project:

http://www.crowncap.demon.nl

And especially for VFP rookies:

http://fox.wikis.com/wc.dll?Wiki~VFPRookieMistakes~VFP

 

[ChrisRChamberlain]

Dennis

I want the password sent to this field to be encoded in some way so that the person viewing the database can not see the password--

If I read this correctly, you are only concerned about a user being able to gain knowledge of the password through seeing it on screen somewhere?

If that is true, then encyption is unneccessary to achieve what you want.

If not, then you certainly need to consider the other alternatives suggested - perhaps you could advise the correct interpretation of your requirements?

Chris

 

[danb1961]

Why should you store your password to a table field instead of checking the password in code ?

 

[ChrisRChamberlain]

danb1961

If the password is not stored in a field, what value would you be checking the password against?

FAQ184-2483 - the answer to getting answered.​

Chris

 

[danb1961]

In code:
If inpassword='danb1961'
*enter
else
*out
endif
PS I think there is something I don't understand...
Thanks

 

[ramani]

Hi Danb1961

In code:
If inpassword='danb1961'
*enter
else
*out
endif

Yes.. Think.. That you have now coded the password and distributed the application. The next day when you typed the password, some one saw it. The password is then out!. No longer a secret or a pass. Then you are left out without any alternatce but to compile the code with a different password again.

Again, forget some one seeing it or leaking out the password. What happens, if the password holder is absent for a day and some one lese has to work on the software. Either the password has to be given or you have to compile again.

SO.. the best way is to use a table.. PassHolder one field and password in another field. Now you get the problem, that anyone browsing the table can see the password. SO you have to think of how to store the password so that no one can read this. .. SO this is the chain of action..

I have provided an FAQ on the password building.. As some members could point out that this not the best encryption of password stored in a table, it gives you a method to think about and to start with. Depending on the security requirement of the database and the data nature, you can use that or think of a better encryption method.

See link for more
How to build a Password control for you application?
faq184-1262


ramani
(Subramanian.G),FoxAcc, ramani_g@yahoo.com

 

[RLG07734]

I use a CRC32 encryption class to encode user entered passwords and store them into a table. Even if someone looks at the table, there is no way to extract the original password from the stored field.

You can use any number of encryption schemes such as CRC32, MD5, base64, etc. It all depends on your security requirements.

If you can't find it, email me and I'll send it to you.

Ron

 

[danb1961]

1. "If someone is seeing my password"===I use a variable password(it is changed every day):
mypasword=dtoc((date())+*"everything I want"
2. You are wright if you have in your program a procedure which allow to change the password any time the user wants,or there are severels useres with different wrights-in this case a table field is needed; if you don't....
Thanks

 

[monikai]

Hej !
Something funny about password:
Some years ago when i worked in helpdesk:
I had to restart user computer. But user was out. I asked his boss about password. He said "I know, I saw that he type eight stars" ...... Kind regards from Warsaw !!!!!
Monika (monikai@yahoo.com)

 

[Scott24x7]

Monikai,
Well... that's senior managment for you... :-s
Best Regards,
Scott

"Everything should be made as simple as possible, and no simpler."