“本土种植的”访问安全性 [英] "Home grown" Access Security

问题描述

我正在考虑使用一个包含用户名，密码和用户权限的表，

我会管理它。我已经阅读了很多关于这个

的缺陷以及缺乏安全性但客户不希望使用Access

安全性以及他们更关注的是解决方案当用户执行关键操作时，系统可以验证它实际上是否是b $ b用户，例如检查表中的用户名和密码，而不是从下拉列表中选择

，（有人实现了类似吗？）。我的问题

是，用户是否可以输入他们的用户名和密码

他们打开数据库然后存储该用户名

他们的数据库活动，而不是要求他们在每个函数上放置他们的用户名

和密码？


提前致谢


将

I am looking at using a table with user names, passwords and user rights,
which I would administer. I have read a lot about the shortfalls of this
and the lack of security but the customer does not wish to use Access
security and what they are more focused on is a solution for when a user
performs a critical action the system can verify that it is actually that
user, e.g. Checks User Name and Password in a table in place of just
selecting from a drop down, (Has anyone implemented similar?). My question
is, is it possible for a user to enter their user name and password when
they open the database and then to store that user name for the rest of
their database activity, rather than requesting that they put their username
and password in on every function?

Thanks in advance

Will

推荐答案

是的。


商店在

全局变量

或

数据库属性

或

a表。


但是当db

启动时，Access安全性会提示输入用户名和密码，然后在使用数据库时应用该安全性我不会

真的看到你正在获得什么，除了一个（可能）错误骑行不是真的

安全替代。

-

Terry Kreft

MVP Microsoft Access

" will" <无线********* @ hotmail.com>在消息中写道

新闻：34 ************* @ individual.net ...

Yes it is.

Store in either
global variables
or
database properties
or
a table.

But as Access security prompts for the username and password when the db
starts and then applies that security as they use the database I don''t
really see what you are gaining, except a (possibly) bug ridden not really
secure alternative.
--
Terry Kreft
MVP Microsoft Access
"Will" <Wi*********@hotmail.com> wrote in message
news:34*************@individual.net...

我正在寻找使用表格用户名，密码和用户权限，我将管理。我已经阅读了很多关于这个缺点和缺乏安全性但是客户不希望使用Access
安全性以及他们更关注的是当用户
执行关键操作，系统可以验证它实际上是
用户，例如检查表中的用户名和密码，而不是从下拉列表中选择，（有人实现了类似吗？）。我的
问题是，用户是否可以在打开数据库时输入用户名和密码，然后为其余的数据库活动存储该用户名，而不是请求他们将
用户名和密码放在每个功能上？

提前致谢

将

I am looking at using a table with user names, passwords and user rights,
which I would administer. I have read a lot about the shortfalls of this
and the lack of security but the customer does not wish to use Access
security and what they are more focused on is a solution for when a user
performs a critical action the system can verify that it is actually that
user, e.g. Checks User Name and Password in a table in place of just
selecting from a drop down, (Has anyone implemented similar?). My question is, is it possible for a user to enter their user name and password when
they open the database and then to store that user name for the rest of
their database activity, rather than requesting that they put their username and password in on every function?

Thanks in advance

Will

Will写道：

我正在考虑使用一个包含用户名，密码和用户权限的表，我将管理这些权限。我已经阅读了很多关于这个缺点以及缺乏安全性但客户不希望使用Access安全性以及他们更关注的是什么时候的解决方案用户执行关键操作，系统可以验证它实际上是该用户，例如在表格中检查用户名和
密码，而不是从下拉列表中选择（有没有人实现类似的？）。

I am looking at using a table with user names, passwords and user
rights, which I would administer. I have read a lot about the
shortfalls of this and the lack of security but the customer does not
wish to use Access security and what they are more focused on is a
solution for when a user performs a critical action the system can
verify that it is actually that user, e.g. Checks User Name and
Password in a table in place of just selecting from a drop down, (Has
anyone implemented similar?).

如果这就是他们想要的只是捕获他们的Windows登录。没有桌子和

密码甚至是必需的。


本土安全的最基本问题是任何用户都将是

能够看到您的UserNames和Passswords表。它可以像

那样用来跟踪谁输入了什么，但是如上所述，你可以为它捕获

Windows名称。


-

我没有查看附加的电子邮件帐户

到此消息。发送给... ...

在Hunter dot com的RBrandt

If that''s all they want just capture their Windows logon. No tables and
passwords even required.

The most basic problem with home-grown security is that ANY user will be
able to see your table of UserNames and Passswords. It can work just as a
way to track who entered what, but as stated you can just capture the
Windows name for that.

--
I don''t check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com

Rick Brandt写道：

Rick Brandt wrote:

如果这就是他们想要的只是捕获他们的Windows登录。甚至不需要表格和
密码。

If that''s all they want just capture their Windows logon. No tables and
passwords even required.

来自访问网站： http://www.mvps.org/access/api/api0008.htm 。

那将是Rick建议让你登录Windows，除非有一个更简单的方式...

-

Tim http://www.ucs.mun.ca/~tmarshal/

^ o<

/＃）Burp-beep，burp-beep，burp-beep？ - Quaker Jake

/ ^^什么是UP，Dittoooooo？ - 同上

From the access web: http://www.mvps.org/access/api/api0008.htm.
That''ll get you the windows login as Rick suggested, unless there''s an
easier way...
--
Tim http://www.ucs.mun.ca/~tmarshal/
^o<
/#) "Burp-beep, burp-beep, burp-beep?" - Quaker Jake
/^^ "What''s UP, Dittoooooo?" - Ditto

这篇关于“本土种植的”访问安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！