Password Parameter

[APB1981]

How to create a password parameter in Crystal Reports:

Create a new Parameter and set the value as string.

Edit Default values: and write Password in the edit mask field.

Set the corresponding password in the Report Record.

Example:

{?password} = “secret”

This is just a nice little way to secure a password at runtime. If the user enters a wrong password then the report will print zero records.

If the user has access to crystal reports designer then the password can always be changed - but it is useful if you run your reports in an external application and your users do not have the knowledge or access to update the record.

APB

 

[Madawc]

This sounds like a tip, not a query.

Madawc Williams (East Anglia, UK)

 

[APB1981]

Sorry - it was supposed to be a tip - but for some strange reason it ended up in the Query section. My bad.

APB

 

[jdemmi]

I did something similar which actually does a little bit more.

Created a parameter called password.
Supressed some sections unless the correct password was entered.
SECTION EXPERT-->SUPRESS condition:
{?Password} <> 'PASSWORD'

This way I can have some if the report "viewable" by all users and the rest only viewable by management. Which prevents me from having to create multiple reports.


-- Jason
"It's Just Ones and Zeros

 

[vasu2005]

Hello all,

This tip would solve my security problem as well which I am facing. But in this case my password would be hard coded in crystal. Is there any way in which user can change the password once in a while.

Thanks,

Amita

 

[Madawc]

You could have a table of passwords as part of the system. That protects it from programmers who know Crystal.

Madawc Williams (East Anglia, UK)

 

[APB1981]

If you wanted to automally change the password each month to a pre-defined password - then you could place the folowing code in a formula then place it in the record:

if month (printdate) = 1 then {?password} = “secret” else
if month (printdate) = 2 then {?password} = “god” else
if month (printdate) = 3 then {?password} = “dog” else
if month (printdate) = 4 then {?password} = “cat” else
if month (printdate) = 5 then {?password} = “mum” else
if month (printdate) = 6 then {?password} = “dad” else
if month (printdate) = 7 then {?password} = “brother”

if you ran the report in Feb 2006 then you would use god as the password....etc

There are many options that could be set into play here. You could also write a large bold text in the heading section in bright red saying: Wrong password - try again (if the incorrect password was entered). And obviously suppress it if the user entered the correct password.

But the best option would be to link it to a table of passwords and usernames in your corresponding database.

APB

 

[chelseatech]

The problem with the password parameter is that anyone with CR can open the report look at the formulas and extract the passwords.

A better solution is to use the database. I had a table of job costing data with a "Manager" field that linked to the manager table. I then used a spare field in the manager table to store a password.

In the report I asked the usual record selection fields, and for the password. By including the manager table in the report, I could also check that the password field in the db matched what the user type in. An invalid password would return no records.

Those security concious types out there could encrypt the stored password and use a User Function Library to apply the same encryption to the password the user had typed in.

Editor and Publisher of Crystal Clear

http://www.chelseatech.co.nz/pubs.htm