January 16, 2009 at 12:05 pm
I have an Access (2003) front-end with tables linked via ODBC to an SQL back-end (2005). Security is configured for Windows Authentication. (I would like to avoid using Access Workgroup security.) Right now, if a user runs the Access front-end, then through the magic of Windows Authentication he/she can access the linked tables as long as the security is set up correctly on the server side.
Of course, this is the expected behaviour. Now is there a way (perhaps a parameter in the connection string) that would actually prompt the user for his/her Windows credentials? The motivation behind this is: user#1 leaves his desk without locking the computer and user#2 can now use the unlocked pc to gain access to the data using user#1's credentials.
Thanks.
January 16, 2009 at 12:21 pm
So are you wanting the user to enter thier credentials each and every time they request new data?
what happens when user 1 walks away and doesn't close the app and user 2 sits down and accesses what they're not supposed to?
Most times the best solution to this problem is user agreements with teeth. User 1 is responsible for everything that happens via their login, regardless of if they're in front of the machine or not. Password Protected Screensaver time-outs help here as well...
-Luke.
January 16, 2009 at 12:40 pm
So I'm guessing you want to force a UserName/Password Check when the user opens the app for the first time right?
I'd imagine you should just be able to then use that username/password in your connection string, perhaps store it encrypted in a local app variable or something...
Check out http://www.connectionstrings.com/sql-server-2005 for many options for creating connection strings to connect to SQL Server 05. If you're connecting to a different version they have many listed on that site, just take a look around...
-Luke.
January 16, 2009 at 12:44 pm
I was thinking of adding an extra layer of security. When the front-end is initiallly loaded, then prompt for the password, but not every time that a linked table is accessed. I thought there was a connection string parameter to do this....maybe not.
January 16, 2009 at 12:58 pm
There is sort of, like I said you could theoretically store the username/password (encrypted of course) in some application variable that you could keep plugging into the connection string...
Check out the connectionstrings.com site I referenced, I'm sure it will be helpful.
-Luke.
February 1, 2009 at 10:11 am
Take a look at this article, it shows how to invoke the Windows screen saver with the password prompt:
Starting a Screen saver using VB6 code - Visual Basic - Source Code
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply