Passwords, advice/help needed

Hi,

I have a section in my application that I would like to password protect,
(so that only a special user can make changes to the main setting).
But where should I save the password list?
Given that...
1) if I save it on a file it could be deleted by any other user.
2) If I save it in the registry any user can delete it or/and remove it.
3) Attaching it to the exe is not really an option, (as the exe itself could
be replaced).

I know that no system is 100% fool proof but what would be the best way to
do what I want?
Any advice/link on the matter would be greatly appreciated.

Sims


0
siminfrance (103)
7/7/2003 2:13:45 PM
vc.mfc 33608 articles. 0 followers. Follow

3 Replies
434 Views

Similar Articles

[PageSpeed] 35

Essentially impossible. You either store the password in the executable, or external to
the executable. If you store it in the executable, as you point out, replacing the
executable does in the password. If you store it external, someone could delete it. Now
you say "anyone" could delete it. How many "anyones" are involved here? If you are working
on a multiuser system, storing the password in HKEY_CURRENT_USER or in the Documents and
Settings folder will limit access to a single user. But you can't really stop that single
user from deleting it, although by using ACLs you could make it fairly difficult.
					joe

On Mon, 7 Jul 2003 16:13:45 +0200, "Sims" <siminfrance@hotmail.com> wrote:

>Hi,
>
>I have a section in my application that I would like to password protect,
>(so that only a special user can make changes to the main setting).
>But where should I save the password list?
>Given that...
>1) if I save it on a file it could be deleted by any other user.
>2) If I save it in the registry any user can delete it or/and remove it.
>3) Attaching it to the exe is not really an option, (as the exe itself could
>be replaced).
>
>I know that no system is 100% fool proof but what would be the best way to
>do what I want?
>Any advice/link on the matter would be greatly appreciated.
>
>Sims
>

Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
0
newcomer (15975)
7/7/2003 4:18:59 PM
> Essentially impossible. You either store the password in the executable,
or external to
> the executable. If you store it in the executable, as you point out,
replacing the
> executable does in the password. If you store it external, someone could
delete it. Now
> you say "anyone" could delete it. How many "anyones" are involved here? If
you are working
> on a multiuser system, storing the password in HKEY_CURRENT_USER or in the
Documents and
> Settings folder will limit access to a single user. But you can't really
stop that single
> user from deleting it, although by using ACLs you could make it fairly
difficult.
> joe
>


Hi,

Thanks all,


What is an ACLs?

There will not be many users on the system but only one 'Administrator'
password, (all other users can use the application but make no changes). So
all I really need to save is one password somewhere.
If I save it in the registry at a random location I think I might be ok? But
what are the ethics of doing that?
I guess I will have to store the password externally and make sure that no
one can delete it?

I realize that no system will work 100% but before I get coding I want the
best possible way of doing it.

Sims


0
siminfrance (103)
7/8/2003 6:41:59 AM
Access Control List. Something I have never used. The idea is that you can protect either
a file or a Registry item by setting access rights that prohibit deleting it (but not
necessarily rewriting its contents). Or protect it really heavily against everything
except changing the protections, so your program has to first grant itself the rights to
modify the data, then do the modifications, then remove the rights to do the modifications
(I've done tricks like this in other operating systems). The user can still, with
considerable effort, delete the item, but it takes a lot of effort.

Saving the password in the administrator's HKEY_CURRENT_USER key, and no one else would
have the password. Therefore, the absence of a password means that no one else can use the
features. Generally, HKEY_LOCAL_MACHINE is not available to users who do not have admin
privileges, and since you need only one password, that might be a reasonable place to
store it as well.

Security through obscurity isn't really a good approach. It also makes it difficult to do
tech support if the location is truly "random".
					joe

On Tue, 8 Jul 2003 08:41:59 +0200, "Sims" <siminfrance@hotmail.com> wrote:

>> Essentially impossible. You either store the password in the executable,
>or external to
>> the executable. If you store it in the executable, as you point out,
>replacing the
>> executable does in the password. If you store it external, someone could
>delete it. Now
>> you say "anyone" could delete it. How many "anyones" are involved here? If
>you are working
>> on a multiuser system, storing the password in HKEY_CURRENT_USER or in the
>Documents and
>> Settings folder will limit access to a single user. But you can't really
>stop that single
>> user from deleting it, although by using ACLs you could make it fairly
>difficult.
>> joe
>>
>
>
>Hi,
>
>Thanks all,
>
>
>What is an ACLs?
>
>There will not be many users on the system but only one 'Administrator'
>password, (all other users can use the application but make no changes). So
>all I really need to save is one password somewhere.
>If I save it in the registry at a random location I think I might be ok? But
>what are the ethics of doing that?
>I guess I will have to store the password externally and make sure that no
>one can delete it?
>
>I realize that no system will work 100% but before I get coding I want the
>best possible way of doing it.
>
>Sims
>

Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
0
newcomer (15975)
7/8/2003 4:06:17 PM
Reply:

Similar Artilces:

Most unusual question
Using Outlook Office 2003 and this evening, everytime I try to open a link from email in Outlook, it opens up My Documents! What's wrong and how do I correct this problem! Thanks! ...

Help #4
When you go into, Sales Batch Entry, select the batch, transactions, lookup by document number, the view I am getting now is green and white. I am seeing all the documents in all the batches. I don't want this view, I want to be able to view only what is in the batch selected. What controls this feature? rcr, what you can do is Go to Sales Transaction Entry, Enter your Batch ID, then if you see the lookup, it'll only have the transactions entered for that Batch alone. -- Thanks Janakiram M.P. MCP-GP http://janakirammp.blogspot.com "rcr" wrote: > When you go...

two columns range of numbers need to list all numbers in the range
have two columns range of numbers i need to list each number in the range start end 5 9 15 19 20 29 i need for each row to show the numbers in the range 5 6 7 8 9 15 16 .. .. pls help Was this post helpful to you? Check your other post. arsovat wrote: > > have two columns range of numbers i need to list each number in the range > start end > 5 9 > 15 19 > 20 29 > i need for each row to show the numbers in the range > 5 > 6 > 7 > 8 > 9 > 15 > 16 > . > . > pls help > > Was this post he...

OT Help
OT sorry. You all seem to be the most knowledgeable of all the newsgroups i know about. I need to create an eMail containing other eMails. The only app that I know that does this is Outlook. I would rather not have to struggle with Outlook. Other than Thunderbird, that I cannot get to set up, what other eMail apps allow dragging current eMails into a new eMail to send? On Jul 23, 3:47=A0pm, BeeJ <nos...@live.com> wrote: > OT sorry. > You all seem to be the most knowledgeable of all the newsgroups i know > about. > I need to create an eMail containing other ...

Need VB5 code for these VB6 instructions
I am trying to use the vbSendMail.dll (written in VB6) in a VB5 project. Need Vb5 code for: Private WithEvents poSendmail as vbSendMail.clsSendmail Private Sub Form_Load() Sdet poSendMail = New clsSendMail End Sub Help!! On Tue, 26 Jan 2010 13:33:01 -0800, Dennis Rose <DennisRose@discussions.microsoft.com> wrote: >I am trying to use the vbSendMail.dll (written in VB6) in a VB5 project. >Need Vb5 code for: > >Private WithEvents poSendmail as vbSendMail.clsSendmail > >Private Sub Form_Load() > Sdet poSendMail = New clsSendMail >...

"Enter network password" [OL2003]
One annoying stain on an otherwise pretty good email client is the error handling in case of network problems. If the network connection is good, but the email servers reject a login (due to flakeyness (read, "Yahoo") or administration, etc.) then the "Enter network password" dialog pops up. Instead of trying the servers until it work, this dialog stays up and halts all email processing until the user deals with the dialog. This is annoying enough as it is (I hate all pop-up's -- it should be handled in the apps GUI), but it's a complete disaster if the machine is ...

Can't Restore a Password Protected File
I have never used a Passport but the Money File is password protected. I've never been able to restore a backup because it wants to use my Passport but the Passport is NOT associated with the Money File (so when I do try to use the Passport, it tells me it isn't associated...duh). I've been using Money 2003 and have now upgraded to 2005 but can't get to any of my info from the backup. I have lots of backups but can't restore ANY of them in 2003 or 2005. Help please... In microsoft.public.money, Andy wrote: > have never used a Passport but the Money File is pa...

HELP!! Accounting Question
When I run a Tender Summary for specific days, I don't see a record of the Payments to Account that have been made for that specific day. Why? My accountant desperately needs to know why. Also, why when I run a Detailed Sales report and a Tender Summary for the same period, do the amount not match up. Thank you in advance for your help. See my new thread question from today for a better Z report that can be run from manager. I think we are talking about the same thing. Maybe someone out there can help. "knightsbridge" <knightsbridge@discussions.microsoft.com> w...

Need Help #5
I had installed outlook on Exchange 2003. Now when I try to republish Default global address list, I get the error "MAPI or an unspecified service provider". I think my MAPI profile must be currupted. Can anyone tell me how to fix this problem? Thank Kumar Check the version of mapi32.dll in your system32 directory. You may simply need to replace it with the mapi32.dll version that is found in the /exchsrvr/bin folder. Oh, and uninstall Outlook please. There is a reason that installing Outlook on an Exchange server isn't recommended and isn't supported.... -- Ben W...

Need to Hire Outlook 2003 Help
Hi I'd like to hire someone that can walk me through some specific stuff with outlook 2003 I'm using the Lotus Notes to Outlook plugin My compnay is a Notes shop - which means I get NO support for outlook --- this plugin is a god send and i want to make sure I get it set up correctly It's coming out of my pocket but I'm willing to pay if I can find the right person to help me Please post ideas here or email me Thanks Brendan ...

Date formatting Help
Macro - Help How can you select a cell with a Sunday's Date to give you th following Sunday's Date when execute -- Db171 ----------------------------------------------------------------------- Db1712's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=1591 View this thread: http://www.excelforum.com/showthread.php?threadid=27551 To get next Sunday's date, just add 7 to this Sunday. So something like: cell.value + 7 -- Regards, Fred Please reply to newsgroup, not e-mail "Db1712" <Db1712.1f88gn@excelforum-nospam.com> wrote in message ...

HELP: Outlook downloads 3,4, now 5 copies of each email
I make Outlook 2000 use a Outlook.pst file on a separate hard disk instead of the usual C:\Documents & Settings\ folder. Everything is fine. I also TICK "Leave copy of message on server" so I always have a backup copy. Now when i format my PC and reinstall Windows & Outlook, I point to my D:\Outlook.pst and it starts using it. Then all of a sudden it starts downloading ALL my emails again. If I format my PC once again and reinstall Windows & Outlook, then Outlook starts downloading ALL my emails TWICE (there's 2 copies of each email downloaded, plus the copy I...

help on combo box...
i have a combo box cbPayee... on top of the list is "add new payee..." below which are the other names ...how can i enable it that when the 1st row is selected, a pop-up form wud appear for data entry... thanks... -- ai® Message posted via http://www.accessmonster.com Use the After Update event of the combo. If Me.cbPayee = "add new payee..." Then 'Do it here Else However, a more common technique is to use the combo's NotInList event for this purpose. Set the combo's Limit To List property to Yes. Delete the "add new payee...&q...

HTML Email distorted in Hotmail
I create a table with about a dozen rows of cells in Outlook as an HTML document. For some reason, when I e- mail it to myself and open it in Outlook the formatting is just as I sent it. No problem. However, when I send it to a hotmail account, the font in at least one cell is reduced half-way through the line. If I hperlink the title in the first cell, the font also shrinks down to more than half its size. ( Less important, but noteworthy, is what happens when the same e-mail sent to hotmail is forwarded or replied to. Hotmail converts it to a text message only so all the colour and ...

"Unstore" password
When setting up the desktop Windows Live Mail on my new computer, I must've left "remember password" checked, so now whenever I open it, my mailbox automatically opens. I don't want my password stored. Where do I go to "unstore" my password? (I'm on Windows 7 if that makes any difference} Thanks in advance for the help! Tools | Accounts | Mail Account | Properties | Servers Tab. -- Bruce Hagen MS-MVP [Mail] Imperial Beach, CA "Nancy K" <Nancy K@discussions.microsoft.com> wrote in message news:3C5E...

Outlook 2007 Remembering Password
We have a Win2008 R2 RDS box connected directly to the domain in which our Exch 2007 server resides. Everything seemed to working fine with Outlook for all users until last patch Tuesday and after that Outlook 2007 now prompts users for Password on startup. Once entered no further prompting occurs unless Outlook is closed and restarted. We are using self-signed certificates for all services (including Autodiscovery). Autodiscovery appears to be working since all applicable information is filled into the initial Outlook config for new users (except for the password). Any help? ...

Help 05-06-10
I'm trying to send a message and I cant And what exactly happens when you try? Any error messages? Has this account ever worked in Windows Mail? -- Bruce Hagen MS-MVP [Mail] Imperial Beach, CA "Jarrod Soto" <jarroddsoto@yahoo.com> wrote in message news:uLk3suL7KHA.1424@TK2MSFTNGP04.phx.gbl... > I'm trying to send a message and I cant > "Jarrod Soto" <jarroddsoto@yahoo.com> wrote in message news:uLk3suL7KHA.1424@TK2MSFTNGP04.phx.gbl... > I'm trying to send a message and I cant ********...

SharePoint password problem
This is a brand new installation of SBS 2008, fully patched and not yet "live". I have noticed that when I go to SharePoint Central Administration, I get asked for credentials. I provide the SBSadmin user name and password and am let in (to http://ServerName:4721/default.aspx). However, I cannot go anywhere within Central Administration without being prompted for credentials. The SBSadmin user name and password does not work so I can't actually configure anything. How can I correct this please? ...

How do I save Visio help text boxes as html
I have a Visio process flow containing help text boxes (mouse overs) and hyperlinks that I want to save as a web document (html). When saved, the help text boxes are no longer available. How do I save as html so that they are available? ...

Making pretty reports
I am fairly proficient in the use of formulas to produce data that need for a fairly complex mortgage and real estate investmen spreadsheet, but I'm lacking in presentation. I need to be able t print a presentable report for my clients and I've had a difficult tim importing the data from my spreadsheet to Word in a reliable manner ( must not be doing something right, because it seems too tedious an time-consuming). I've tried to format a worksheet in Excel to be abl to present the data in a professional and eye-pleasing manner, bu frankly I'm just bombing-out. DOES ANYONE H...

How would I hire someone to help w Outlook issues remotely?
I have a lot of little bugs with Outlook 2007 and Windows XP and do not seem to be able to find help. I have asked questions multiple times on this forum with no help. Is there a way an individual can hire another individual to come on my computer remotely and help with my little issues? ...or should I just call someone like geek squad to send someone over? please copy my email as I never seem to find responses on this forum and when I login it says I have no responses. (I have also checked notify of replies) Kevin grold@aol.com Your questions in this group, in Januar...

Help Please #14
What is the formula that takes hours that have been added up and multiples them by an hourly wage. I know it can be done. I just don't know how. -- darling ------------------------------------------------------------------------ darling's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=28855 View this thread: http://www.excelforum.com/showthread.php?threadid=486045 =A8*24*Wage_Rate where A8 holds the hours, it is important to format result as genreal or numbers or currency or else you'll get a large time format -- Regards, Peo Sjoblom "darl...

remember password not working
i have windows xp, when i use outlook express and i check remember password it does not take i always have to retype password to send and recieve my e-mail's DOES ANYONE HAVE A FIX There have been several issues with passwords not being retained with Outlook. For all Outlook versions on Windows XP (note, this article is written for OE but the solution applies to Outlook as well.): http://support.microsoft.com/default.aspx?scid=kb;EN-US;q264672 -- Nikki Peterson [MVP - Outlook] "dirtydog" <slugger22@mchsi.com> wrote in message news:04e401c34da5$b3dd6740$a401280a@phx.gbl...

Help, NDIS BSOD
We have an NDIS IM developed based on Passthru sample. It works fine on x86 platform for years. Recently, we port it to x64 server and got BSOD every 20 hours of loading. It won't happen at sunday when nobody connect to that server. The crash code are DRIVER_CORRUPTED_MMPOOL (d0), DRIVER_CORRUPTED_EXPOOL (c5) or BAD_POOL_CALLER (c2). Sometimes, it crashed at allocating memory in our driver. Sometimes, it crashed at deallocating memory in our driver. Most of the time, it crashed out of our code. Any hints how to debug? Segments of dump are as followings: Windows...

Need help in data copying. #3
Thanks Mr. Dave. It was really helpful Regards Tom -- SMIL ----------------------------------------------------------------------- SMILE's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=488 View this thread: http://www.excelforum.com/showthread.php?threadid=25956 ...