My database is Access front end which is linked to SQL tables, is there a way of Encrypting/Hashing the passwords that are stored in my user table?
I have seen something about Hashbytes and Salt? but not sure how to implement it?
thank you in advance for your help
There is no native way to encrypt/decrypt in Access, but it's not hard to create your own. You can use the old "Zebras" method, by assigning different letters to the alphabet (you could also use some numbers or other ASCII characters instead):
Public Function Encrypt(strvalue As String) As String
Const LowerAlpha As String = "abcdefghijklmnopqrstuvwxyz"
Const LowerSub As String = "zebrascdfghijklmnopqtuvwxy" 'zebras
Const UpperAlpha As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Const UpperSub As String = "ZEBRASCDFGHIJKLMNOPQTUVWXY" 'ZEBRAS
Dim lngi As Long
Dim lngE As Long
Dim strEncrypt As String
Dim strLetter As String
If strvalue & "" = "" Then Exit Function
For lngi = 1 To Len(strvalue)
strLetter = Mid(strvalue, lngi, 1)
Select Case Asc(strLetter)
Case 65 To 90 'Uppercase
'Find position in alpha string
For lngE = 1 To Len(UpperAlpha)
If Mid(UpperAlpha, lngE, 1) = strLetter Then GoTo USub
Next
USub:
strEncrypt = strEncrypt & Mid(UpperSub, lngE, 1)
Case 97 To 122 'Lowercase
'Find position in alpha string
For lngE = 1 To Len(LowerAlpha)
If Mid(LowerAlpha, lngE, 1) = strLetter Then GoTo LSub
Next
LSub:
strEncrypt = strEncrypt & Mid(LowerSub, lngE, 1)
Case Else 'Do not substitute
strEncrypt = strEncrypt & strLetter
End Select
Next
'Now pass this string through ROT13 for another tier of security
For lngi = 1 To Len(strEncrypt)
Encrypt = Encrypt & Chr(Asc(Mid(strEncrypt, lngi, 1)) + 13)
Next
End Function
Then work backwards to decrypt:
Public Function Decrypt(strvalue As String) As String
Const LowerAlpha As String = "abcdefghijklmnopqrstuvwxyz"
Const LowerSub As String = "zebrascdfghijklmnopqtuvwxy" 'zebras
Const UpperAlpha As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Const UpperSub As String = "ZEBRASCDFGHIJKLMNOPQTUVWXY" 'ZEBRAS
Dim lngi As Long
Dim lngE As Long
Dim strDecrypt As String
Dim strLetter As String
If strvalue & "" = "" Then Exit Function
'Reverse the ROT13 cipher
For lngi = 1 To Len(strvalue)
strDecrypt = strDecrypt & Chr(Asc(Mid(strvalue, lngi, 1)) - 13)
Next
'Now reverse the encryption
For lngi = 1 To Len(strDecrypt)
strLetter = Mid(strDecrypt, lngi, 1)
Select Case Asc(strLetter)
Case 65 To 90 'Uppercase
'Find position in sub string
For lngE = 1 To Len(UpperSub)
If Mid(UpperSub, lngE, 1) = strLetter Then GoTo USub
Next
USub:
Decrypt = Decrypt & Mid(UpperAlpha, lngE, 1)
Case 97 To 122 'Lowercase
'Find position in sub string
For lngE = 1 To Len(LowerSub)
If Mid(LowerSub, lngE, 1) = strLetter Then GoTo LSub
Next
LSub:
Decrypt = Decrypt & Mid(LowerAlpha, lngE, 1)
Case Else 'Do not substitute
Decrypt = Decrypt & strLetter
End Select
Next
End Function
Unfortunately, if you modify or encrypt the connection in the linked table then you will find that you cannot connect to SQL serer. Any suggesting here about having some “encryption” routine will NOT WORK and is NOT relevant since if you modify or mess with the connection strings in your linked tables, then the linked tables will fail. Thus the ONLY possible way this could work is if you take the encrypted connection, de-crept and re-link to SQL server with the plan text connect strings with the user ID and password in plain sight. At this point any user placing their cursor over a linked table will see the user id and password in plain sight (so you gain little if anything by this suggested approach).
The two solutions are:
1 – use windows authentication on SQL server. That means the plain text connections in the Access linked tables do NOT require the user id and password.
2 – use cached logons. This is the RECOMMENDED solution.
Thus you DO NOT include the uid and password in the connection string. Thus there is no need to worry about users looking at the connection string.
What you thus do on startup is execute a logon. The VERY INSTANT you execute a SQL logon, then all linked tables WITHOUT userid/password WILL NOW WORK!
The logon code I use is thus this:
Function TestLogin(strcon As String) As Boolean
On Error GoTo TestError
Dim dbs As DAO.Database
Dim qdf As DAO.QueryDef
Set dbs = CurrentDb()
Set qdf = dbs.CreateQueryDef("")
qdf.Connect = strcon
qdf.ReturnsRecords = False
'Any VALID SQL statement that runs on server will work below.
' this does assume user has enough rights to query built in
' system tables
qdf.SQL = "SELECT 1 as test"
qdf.Execute
TestLogin = True
Exit Function
TestError:
TestLogin = False
Exit Function
End Function
How to achieve this is outlined in detail here:
Power Tip: Improve the security of database connections
http://blogs.office.com/b/microsoft-access/archive/2011/04/08/power-tip-improve-the-security-of-database-connections.aspx
It makes LITTLE sense to encrypt the connection string, since then on startup you have to re-link with plain connection strings NOW in sight. And worse is on shutdown you have to re-link the tables gain, else they all be in that linked state with full uid/passwords in plain sight.
Not only is such a process time consuming, but prone to MUCH failure and if the application is shutdown incorrect then the “proposed” schemes here of using custom linking will not only fail, but are impractical solutions.
So using cached logons and passwords results in NOT having to include password and logon in those strings. You can prompt a user for their uid/password, execute the logon and NOW all linked tables like magic will use that logon/pass and do NOT have to be linked and thus you don’t have to store the userid/logon in the application or in the linked table(s) connection strings.
Related
I have this skill checkboxlist which contains skills that can be selected by the user. If the user select two skills,two records will be inserted to the table.
I tried this one:
Dim varSkillID As Integer()
varSkillID = split(skills, ",")
If varSkillID(0).value > 0 Then
Dim sql As String = Nothing
For I = 0 To varSkillID()
sql = "INSERT INTO tblConstituentSkills (skillID) VALUES ( " & varSkillID.Value & ")"
Next I
end if
but its not working. Thanks!
I also tried this code.
Dim varSkillID() As String = Split(skillID, ",")
For i As Integer = 0 To varSkillID.Length - 1
If varSkillID(i) <> "" Then
Using sql As New SqlProcedure("spInsertSkill")
sql.AddParameter("#ConstituentIdNo", constituentIdNo)
sql.AddParameter("#skillID", varSkillID(i))
sql.ExecuteNonQuery()
End Using
End If
Next i
It works when I only select single skill. But if I select two or more skills this error appears "Nullable object must have a value."
please use the editor help to design your request. It is very hard to read.
What does the errormessage say?
There is an End If missing
Where does constituentIdNo.Value is coming from?
To call the Sub:
Call r101("123456", "1,2,3,4")
the Sub:
Public Sub r101(ByVal constituentIdNo As String, ByVal skills As String)
Dim varSkillID() As String = Split(skills, ",")
Dim sql As String = Nothing
For i As Integer = 0 To varSkillID.Length - 1
If varSkillID(i) <> "" Then sql = "INSERT INTO tblConstituentSkills (ConstituentIdNo, skillID) VALUES (" & constituentIdNo & ", " & varSkillID(i) & ")"
Next i
End Sub
This is not the cleanest code, but the best I could create from your given feedback.
I don't see why to convert skills to integer.
I just read this and saved me.separate comma separated values and store in table in sql server
Thanks stackoverflow!you're a savior!
I am writing VBA code for an Excel workbook. I would like to be able to open a connection with an Access database, and then import a txt file (pipe delimited) and create a new table in the database from this txt file. I have searched everywhere but to no avail. I have only been able to find VBA code that will accomplish this from within Access itself, rather than from Excel. Please help! Thank you
Google "Open access database from excel VBA" and you'll find lots of resources. Here's the general idea though:
Dim db As Access.Application
Public Sub OpenDB()
Set db = New Access.Application
db.OpenCurrentDatabase "C:\My Documents\db2.mdb"
db.Application.Visible = True
End Sub
You can also use a data access technology like ODBC or ADODB. I'd look into those if you're planning more extensive functionality. Good luck!
I had to do this exact same problem. You have a large problem presented in a small question here, but here is my solution to the hardest hurdle. You first parse each line of the text file into an array:
Function ParseLineEntry(LineEntry As String) As Variant
'Take a text file string and parse it into individual elements in an array.
Dim NumFields As Integer, LastFieldStart As Integer
Dim LineFieldArray() As Variant
Dim i As Long, j As Long
'Determine how many delimitations there are. My data always had the format
'data1|data2|data3|...|dataN|, so there was always at least one field.
NumFields = 0
For I = 1 To Len(LineEntry)
If Mid(LineEntry, i, 1) = "|" Then NumFields = NumFields + 1
Next i
ReDim LineFieldArray(1 To NumFields)
'Parse out each element from the string and assign it into the appropriate array value
LastFieldStart = 1
For i = 1 to NumFields
For j = LastFieldStart To Len(LineEntry)
If Mid(LineEntry, j , 1) = "|" Then
LineFieldArray(i) = Mid(LineEntry, LastFieldStart, j - LastFieldStart)
LastFieldStart = j + 1
Exit For
End If
Next j
Next i
ParseLineEntry = LineFieldArray
End Function
You then use another routine to add the connection in (I am using ADODB). My format for entries was TableName|Field1Value|Field2Value|...|FieldNValue|:
Dim InsertDataCommand as String
'LineArray = array populated by ParseLineEntry
InsertDataCommand = "INSERT INTO " & LineArray(1) & " VALUES ("
For i = 2 To UBound(LineArray)
If i = UBound(LineArray) Then
InsertDataCommand = InsertDataCommand & "'" & LineArray(i) & "'" & ")"
Else
InsertDataCommand = InsertDataCommand & LineArray(i) & ", "
End If
Next i
Just keep in mind that you will have to build some case handling into this. For example, if you have an empty value (e.g. Val1|Val2||Val4) and it is a string, you can enter "" which will already be in the ParseLineEntry array. However, if you are entering this into a number column it will fail on you, you have to insert "Null" instead inside the string. Also, if you are adding any strings with an apostrophe, you will have to change it to a ''. In sum, I had to go through my lines character by character to find these issues, but the concept is demonstrated.
I built the table programmatically too using the same parsing function, but of this .csv format: TableName|Field1Name|Field1Type|Field1Size|...|.
Again, this is a big problem you are tackling, but I hope this answer helps you with the less straight forward parts.
So, this my code. It gets only the first document. But what I want to do is read a specific document. The view is a collection of usernames and passwords. So, for example : The username is in the 5th document, then the program will scan the view until it finds the right document. Sorry for my poor explanation. I hope you understand my problem.
On Error Goto e
Dim db As NotesDatabase
Dim view As NotesView
Dim results As Variant
Dim cmd As String
Dim d As NotesDocument, flag As Integer, upw As String, uname As String
Set db = source.Database
uname = Inputbox("Enter Username")
Set view = db.GetView("Registration View")
Set d = view.GetFirstDocument()
'cmd = {#DbLookup("";"48257E00:00089AF5";"RegView";1)}
'results = Evaluate(cmd)
Dim pw As String, un As String
'Forall Username In results
' Msgbox username(1)
'End Forall
If Not d Is Nothing Then
un = d.userfield(0)
pw = d.passfield(0)
If un <> uname Then
Msgbox "Username invalid!"
End If
If un = uname Then
upw = Inputbox("Enter Password")
If pw <> upw Then
Msgbox "Password invalid!"
End If
If pw = upw Then
Msgbox "Log In succesful!"
flag = 1
End If
End If
End If
If flag <> 1 Then Call source.Close()
Exit Sub
e:
Print Error, Erl
Instead of using view.getFirstDocument you should use view.getDocumentByKey(uname,true) which return the document with the key uname in the first column in the view
Make sure the first column In the view is set to sorted
If no document is found using the key then getDocumentByKey returns nothing
You can create a view with the first column userfield and the second column passfield. The first column has to be sorted.
In your code build an array of uname and upw
Dim strSearch (0 to 1) as String
Dim viewSearch as NotesView
Dim doc as NotesDocument
viewSearch = db.getView("YourSearchView")
strSearch(0) = uname
strSearch(1) = upw
Set doc = db.getDocumentByKey(strSearch, true)
If(Not doc is nothing)Then
Print "Login successfull"
Else
Print "Wrong username or password"
End if
If you want to use a two step check of username and then password you can create two search views and use the first for check if the username exists and the second for checking the given username and password.
Of course you could cycle through the complete view and compare each single entry, but that will be quite slow. In your code the complete "cycling" is missing. You would need to use a do - while loop to run through all entries in the view:
Set d = view.GetFirstDocument()
Do
un = d.userfield(0)
pw = d.passfield(0)
'- here comes the rest of your code, if password is right - exit
If flag = 1 then exitLoop = True
Set d = view.GetNextDocument( d )
if d is Nothing then exitLoop = True
Loop until exitLoop
But this is quite inefficient. If your view is sortey by username (if not, create one that is), then use getDocumentbyKey as suggested by Thomas.
Set d = view.GetDocumentByKey( uname )
If not d is Nothing then
un = d.userfield
The question is WHY would one do something like this: Notes / Domino has a great security concept and saving all usernames and passwords in a view, where everybody can simple read the passwords by checking the document properties is -sorry to say- stupid and does not give you even one more bit of security...
I know this is very basic, and I've done this hundreds of times. But, for some strange reason I am executing this command on a database, and it fails when it tries to read a column from the result. If I execute this statement in SQL Plus logged in as the same credentials, the row (table has 1 row) is selected just fine. Any ideas what I am doing wrong? I tried accessing the columns by name, by index, and indeed any column - all of them give no data. I tried without the .NextResult() (just in case), same exception.
'...
' Determine if this database is Multisite enabled
Dim multisiteCmd As OleDbCommand = DbConnection.CreateCommand
multisiteCmd.CommandText = "SELECT * FROM TDM_DB_VERSION;"
Dim dbVersionReader As OleDbDataReader = multisiteCmd.ExecuteReader()
If dbVersionReader.HasRows Then
dbVersionReader.NextResult()
'If a ReplicaID was generated for the Database ID, then this is part of a
'multisite implementation
'Dim dbRepID As String = dbVersionReader("DB_REPLICID")
Dim dbRepID As String = dbVersionReader(9)
PluginSettings.UseMultisite = False
If Not dbRepID Is Nothing Then
If dbRepID.Length > 0 Then
PluginSettings.UseMultisite = True
PluginSettings.MultisiteReplicaId = dbRepID
End If
End If
End If
dbVersionReader.Close()
As you can see from these Immediate commands, the connection is open:
? DbConnection.Provider
"OraOLEDB.Oracle"
? DbConnection.State
Open {1}
NextResult() is for statements that have more than one result set. For example, if you had sent a command like this:
"SELECT * FROM TDM_DB_VERSION;SELECT * FROM dual;"
Note there are two queries in there. You can handle them both with a single call to the database and a single OleDbDataReader, and NextResult() is part of how you do that.
What you want instead is this:
Dim multisiteCmd As OleDbCommand = DbConnection.CreateCommand
multisiteCmd.CommandText = "SELECT * FROM TDM_DB_VERSION;"
Dim dbVersionReader As OleDbDataReader = multisiteCmd.ExecuteReader()
If dbVersionReader.Read() Then
'If a ReplicaID was generated for the Database ID, then this is part of a
'multisite implementation
'Dim dbRepID As String = dbVersionReader("DB_REPLICID")
Dim dbRepID As String = dbVersionReader(9)
PluginSettings.UseMultisite = False
If Not dbRepID Is Nothing Then ' Do you mean check for DbNull here? "Nothing" is not the same thing
If dbRepID.Length > 0 Then
PluginSettings.UseMultisite = True
PluginSettings.MultisiteReplicaId = dbRepID
End If
End If
End If
dbVersionReader.Close()
is there a group_concat function in ms-access or something similar?
You should ask yourself if you need a generic solution (another is by Allen Browne) or if you need it just for the present purpose. If you really only need it this once, do it the easy way.
On a side note, when concatenating lists in VBA code, take advantage of a trick taught to me by long-time Access guru Trevor Best, and that's to stick the delimiter at the beginning of every value and then use Mid() to strip it off. Instead of this inside your loop through the child records:
If Len(strOutput) = 0 Then
strOutput = NewValue
Else
strOutput = strOutput & ", " & NewValue
End If
...use this inside the loop:
strOutput = strOutput & ", " & NewValue
...and then when you exit the loop, strip off the leading delimiter:
strOutput = Mid(strOutput, 3)
This has implications all over the place and simplifies code for concatenation in a whole host of contexts.
There's an access function to group multiple values into one value (a custom aggregate, I guess.) The link is http://www.rogersaccesslibrary.com/Otherdownload.asp?SampleName='Generic%20Function%20To%20Concatenate%20Child%20Records'
but the site is down for now. If you google the href, you'll find lots of referneces and examples.
I found this post by Duane Hookum (a Microsoft MVP) that claims to be able to do what you want. I have not tested it though.
By the way, in case you are interested, this is how I found it:
First search: group_concat access lead me to this post with this answer but the link was broken.
Then I searched again after the content that the answer was attempting to link to, and found it: site:http://www.rogersaccesslibrary.com/ concatenate.
No. Access does not have a GROUP_CONCAT function. However, it is possible to create a VBA function which will let you pass a string containing a SQL statement and get the equivalent functionality (not that I'd recommend it but it is possible).
Taking my own personal wayback machine, here is some code I wrote back when dinosaurs ruled the Earth:
Public Function ListQuery(SQL As String _
, Optional ColumnDelimiter As String = " " _
, Optional RowDelimter As String = vbCrLf) As String
'PURPOSE: to return a combined string from the passed query
'ARGS:
' 1. SQL is a valid Select statement
' 2. ColumnDelimiter is the character(s) that separate each column
' 3. RowDelimiter is the character(s) that separate each row
'RETURN VAL:
'DESIGN NOTES:
Const PROCNAME = "ListQuery"
Const MAXROWS = 100
Const MAXCOLS = 10
Dim oConn As ADODB.Connection
Dim oRS As ADODB.Recordset
Dim oField As ADODB.Field
Dim sRow As cString
Dim sResult As cString
On Error GoTo ProcErr
Set sResult = New cString
Set sRow = New cString
Set oConn = GetADOConn()
sResult.Clear
Do Until oRS.EOF
sRow.Clear
For Each oField In oRS.Fields
With sRow
If .Length > 0 Then
.Append ColumnDelimiter
End If
.Append Nz(oField.Value)
End With
Next oField
sRow.Trim
If sRow.Length > 0 Then
With sResult
.Append sRow
.Append RowDelimter
End With
End If
oRS.MoveNext
Loop
oRS.Close
oConn.Close
With sResult
If .Right(Len(RowDelimter)).Value = RowDelimter Then
.Length = .Length - Len(RowDelimter)
End If
End With
FunctionResult:
ListQuery = sResult.Value
CleanUp:
Set sResult = Nothing
Set sRow = Nothing
Set oField = Nothing
Set oRS = Nothing
Set oConn = Nothing
Exit Function
ProcErr:
' logging code...
Resume CleanUp
End Function
The GetADOConn function is a centralized function to retrieve the current database connection. cString is a class that mimics the behavior of .NET's StringBuilder class but was written long before .NET was anything other than a TLD and marketing hype. Since this is getting called on every row, VBA's built-in string concatenation will be slow and thus something like a StringBuilder class is needed. The original code (which I've partially modified) had a cap on the number of rows and columns that could be used which is what the constants are all about.