I have an application which uses ms access database with password encryption. The login information is stored within the database (username and password). I double clicked the database file and keyed in the password to see the table list. In a message bar there's a massage stating that the "This database has been opened read-only". Then I tried to set the password into a new value lets say "password1". However, when I re run my application and tried to login using the new password but it fails (only works with the old password).
Does this mean the database here is not used by the application? Or there's a copy of the database somewhere and being referred to ?
I think there may be a password encryption, In this case you can not just modify the password in the database to login. Check your application.
The various things you say are incompatible with each other. Saving a database with encryption does not require a user name, only a password. If you get the password wrong or do not supply it, the database does not open read-only, it does not open at all. If you are using user level security, the user name and password are not stored "within the database", they are stored in an .mdw file.
Try holding the shift key down while you open the database, you must keep it held until the database if fully open, that is, hold the shift key, open the database, type in the password, continue to hold the shift key.
If you are not asked for a password when you hold the shift key, but the file is still read only, check:
Right-click the file and check the properties
Check the folder permissions
If there is a left over .ldb or .laccdb lock file
Related
I have recently started to pick up frontend stuffs and been writing a very simple web app for my workplace where each of the users are required to log in. They have already been given a preset account (pattern: Txx, xx stands for staff number) and a password, saved in a MySQL.
login box on UI
input type is password
Log-in was technically workable. Originally as I had set input type = "password" so the password box showed ******** when they did the input on browser.
Nevertheless, when I checked phpMyAdmin page and get into the 'user' table of my DB, where usernames and passwords are saved for PHP checking, I can actually see the password (I logged in with root...)!
blue paints hiding exact numerical passwords the users use
Isn't it supposed that even admin(root?) cannot see the password?
Is it that chrome browser might actually have understood the 'type is password' and encrypted the input and send to PHP which programs to save password on MySQL? (I did not use any functions like md5(xxx) in my HTML codes however...)
Is anything wrong (or should be done) to mySQL setting? Or did Chrome actually NOT encrypt the inputs before sending to PHP?
Chrome does not encrypt the password for you. you have to do it yourself by hashing it when saving it to your database
Read more about it here
http://php.net/manual/en/function.password-hash.php
So after some digging I realize that there is no built in user level security option for Access 2007. What I need to do is restrict records that users can edit based on who is logged in (they can see all the data but only edit their own). I was thinking that I could make a log in form and assign passwords and go from there, but I was wondering if there was a better method to do this.
For user privileges for read-only, read-write on forms in the database, we implemented following tables, logic.
I created a privilege table along with log-in table. Each screen in the database will have Read-only or Read-write privilege to each user. I inserted all the screen names into privilege table. Another table UserPrivilege will have users and their privileges. Assigning privilege to an user will be done only by Admin user.
A function at start of each form check swhether a specified user is allowed to view or edit form. If he/she is given read-only, we will lock all controls looping thr' controls on the form. Else, nothing to do. OR keep all the controls read-only at design them and unlock them thr' code for write privilege.
The database window is kept hidden when a version to end user is delivered. This prevents usual , simple view to tables in the database, opening forms , reports object in database window. After making mde/accde few more tweaks can be done so that user is not easily able to view tables directly. by-passing startup, special keys etc.
I have been facing this problem too. My solution (which hasn't been broken yet) is to do exactly that. Make a user's table with passwords and a log in form which reads the table for User name, password and user type. I have used two ways to proceed from there: Case statement to open specific navigation forms for that user's functions or a global variable (in a module (enumeration helps)) and an getter function that is checked within each form's open events and changes properties like AllowEdits, and AllowAdditions and even cancel the form opening if it's administrative stuff.
The most important part of this set up is making sure the users are using Access Runtime. If they use the Access version you are developing in they can snoop a little bit and get around this.
Make sure you hide the user's table.
Access runtime can be forced by making a shortcut to the DB and adding /runtime to the end of the shortcut path (with a space).
It's not perfect, but it works for my purposes and It might work for your's.
I did dot this in 2010, but 2007 should be pretty much the same.
Assigning username/passwords in Access (especially with an access back end) has a number of critical issues that are worth pointing out. Firstly, if you don't encrypt your DB, then any of your users who are savvy enough to go looking for it will be able to find it, and therefore get full access to it. If you encrypt the DB, if anyone can get access to your source code you're toast, since they will be able to see the DB user/passwords stored in the code. This issue persists if you use other SQL db's, but at least in those cases you can restrict the user supplied to the Access .accdb file to have certain permissions.
For my case, I have 3 levels of security. Firstly, I heavily restrict what I send out to make it very difficult to access the source code, which you kind of have to do no matter what. Secondly, I distribute different levels of access with different DB passwords (I'm using a MySQL back-end, you could do the same with a SQLServer back-end, but with Jet you're out of luck), so even if users could see the DB user and password, they are limited in what they can do. Thirdly, since I deploy on a corporate network, I take advantage of windows groups, and use those to filter out what is visible to different users. That way, users can only use the forms if they are authenticated onto our network. If the file discovers it's not on the network, it deletes itself and terminates.
Function IsMember(strDomain As String, strGroup _
As String, strMember As String) As Boolean
Dim grp As Object
Dim strpath As String
strpath = "WinNT://" & strDomain & "/"
Set grp = GetObject(strpath & strGroup & ",group")
IsMember = grp.IsMember(strpath & strMember)
End Function
Function GetCurrentUser() As String
GetCurrentUser = VBA.Environ$("USERNAME")
End Function
Function GetCurrentDomain() As String
GetCurrentDomain = VBA.Environ$("USERDOMAIN")
End Function
I can't log into the WP Dashboard because the password I always use is incorrect. I know I can change the user info from hosting account. I logged into cPanel and went to phpMyAdmin > wp_users and proceeded to change user_pass to the appropriate password. I'm back at square 1 because I cannot log in.
you need select md5 encryption, in the function table you select md5, because wordpress use this encryption method for the password.
Image http://tinyurl.com/q3ec792
Please follow the instruction:
Through phpMyAdmin
This article is for those who have phpMyAdmin access to their database.
Note: use phpMyAdmin at your own risk. If you doubt your ability to use it, seek further advice. WordPress is not responsible for loss of data.
Begin by logging into phpMyAdmin and clicking databases.
A list of databases will appear. Click your WordPress database.
All the tables in your database will appear. If not, click Structure.
Look for wp_users in the Table column.
Click on the icon for browse.
Locate your Username under user_login
Click edit (may look like a pencil icon in some versions of
phpMyAdmin)
Your user_id will be shown, click on Edit
Next to the user_pass is a long list of numbers and letters.
Select and delete these and type in your new password.
Type in the password you want to use. Just type it in normally, but
remember, it is case-sensitive.
In this example, the new password will be 'rabbitseatcarrots'
Once you have done that, click the dropdown menu indicated, and
select MD5 from the menu.
Check that your password is actually correct, and that MD5 is in the
box.
Click the 'Go' button to the bottom right.
Test the new password on the login screen. If it doesn't work, check
that you've followed these instructions exactly.
I am trying to generate a database diagram from an existing SQLExpress database that I own but I am getting this error:
Database diagram support objects cannot be installed because this database does not have a valid owner. To continue, first use the Files page of the Database Properties dialog box or the ALTER AUTHORIZATION statement to set the database owner to a valid login, then add the database diagram support objects.
I am the owner according to the properties:
I did try this but was not in the correct syntax
ALTER AUTHORIZATION ON DATABASE::GuitaristDB TO PDC1\tcastonzo;
This executed but probably not correct
ALTER AUTHORIZATION ON DATABASE::GuitaristDB TO tcastonzo;
You need to ensure that the user PDC1\tcastonzo (which is a domain or computer account) has a login to the SQL Server.
The user tcastonzo looks to be a SQL account, which is separate from the PDC1\tcastonzo account.
What credentials do you currently use to connect to the SQL Server?
Try changing the owner of the database to either SA or NT AUTHORITY\SYSTEM.
Right click the database you want to change AUTHORIZATION and click
Properties. A window/dialog will open.
At the left side of the dialog click Files
From the Right side change the Owner as your own
Then logged-in with the changed user. It will solve your problem.
Try and enjoy
I have RC4 encrypted data stored in a MySQL table that I need to move to the wp_user table and store as a Wordpress encrypted password. These are passwords so I'd prefer to move them securely, but I'm open to any suggestion.
This data was originally stored from a custom built Wordpress user management plugin that we've lost the developers for. Now we are attempting to move the users over to a Wishlist Member solution which stores them as regular wordpress users. I want to be able to change out the system without having to ask all the users to reset their passwords.
The old user data is encrypted as a hashed password concatenated with the encryption key. Below is the code sample that decrypts the secure data. I have the encryption key,
$secure_data = unserialize(
rc4crypt::decrypt(
$this->data->password . OLD::ENCRYPT_KEY,
$this->data->secure_data)
);
Any suggestions on how can I move this data into user_pass of wp_users?