Preventing User Access From Other Tools
When users have other products on their machines that can connect to a database, such as Access, they can connect to your application database directly. If the user knows their ID and password, which they do because they log in through your application's logon screen, then nothing stops them from connecting via Access, bypassing all your lovely business rules in your PowerBuilder client, and hacking the data.

The simplest way to stop this is to encrypt the user's password, so that the password the user types is not the password the database account actually uses. It does not have to be anything complicated, but it should be more than just reversing the password, for example. Take a look at the encryption routines on the software page.

When the user logs on, attempt to connect with their ID and the encrypted version of their password. If this fails, try their password in plain text. If you get a connection, then encrypt the password, that is, change the account's database password to the encrypted version. This way you can secure the user accounts in place, and re-encrypt whenever a user's password is reset.

If you want to take the security a little further, you can also hide the encryption algorithm from your fellow developers by writing the encryption routine as a C++ DLL and calling it as an external function.
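
The logon sequence described above, modeled in Python as an added example (not code from this page or its software page). An HMAC keyed with a client-side secret stands in for the site's encryption routines, and `APP_SECRET`, `derive_db_password`, `FakeDatabase` and `application_logon` are hypothetical names; the derivation is only as private as that secret, which is why the routine is worth hiding in a DLL.

```python
import base64
import hashlib
import hmac

# Assumption: a secret compiled into the client (constructed value for the demo).
APP_SECRET = b"constructed-demo-secret"

def derive_db_password(user_id: str, typed: str, length: int = 24) -> str:
    """Turn what the user typed into the password the database account really uses."""
    msg = user_id.lower().encode() + b"\x00" + typed.encode()
    digest = hmac.new(APP_SECRET, msg, hashlib.sha256).digest()
    # Base32 keeps the result to A-Z and 2-7, which most DBMS password rules accept.
    return base64.b32encode(digest).decode()[:length]

class FakeDatabase:
    """Constructed stand-in for the DBMS: one password per login ID."""
    def __init__(self, accounts):
        self.accounts = dict(accounts)

    def connect(self, user_id: str, password: str) -> bool:
        stored = self.accounts.get(user_id)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def change_password(self, user_id: str, old: str, new: str) -> None:
        if not self.connect(user_id, old):
            raise PermissionError("old password rejected")
        self.accounts[user_id] = new

def application_logon(db: FakeDatabase, user_id: str, typed: str) -> str:
    """Return 'ok', 'migrated' or 'denied'."""
    derived = derive_db_password(user_id, typed)
    if db.connect(user_id, derived):          # account already converted
        return "ok"
    if db.connect(user_id, typed):            # legacy or freshly reset account
        db.change_password(user_id, typed, derived)
        return "migrated"
    return "denied"

if __name__ == "__main__":
    db = FakeDatabase({"alice": "Summer2024"})            # constructed account
    print(application_logon(db, "alice", "Summer2024"))   # first logon converts the account
    print(db.connect("alice", "Summer2024"))              # typed password no longer works directly
    print(application_logon(db, "alice", "Summer2024"))   # later logons use the derived value
```
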


