Eric,
> On 6 Sep 2019, at 24:22 AEST, Eric Naujock via 4D_Tech <[email protected]>
> wrote:
>
> Does anyone have a replacement login system for 4D that offers stronger
> authentication security than the current system. Since the current system
> does not enforce password changes, or password complexity it is a pretty poor
> system in the current age. While the encryption is crypt it is still brute
> force attackable as well. There are no failed login lockouts. Nor is there
> the ability to have two factor authentication? Or is this something beyond
> what anyone out there is using.
I have rolled my own system for more than 25 years now.
It allows managing access rights at record level, divided into read-only and
read-write.
Here are some pointers to give you an idea.
All the information is held in the data file and therefore a kind of mirroring
of the structure is
( [Tables], [Fields], [Staff], [Passwords], [Branches], [Departments] etc.)
The passwords are stored as hashes (MD5…SHA512), which makes it a bit harder but
not immune to brute force attacks.
A mandatory change of passwords after a period of time or number of logins can
be implemented, as can x-way authentication.
To use this as an addition to the 4D built-in stuff is also possible, but I
don’t see a reason why.
The access rights for each user are held in arrays for each user within an
organisation like this:
READ ONLY
NA AA UA DA BA FA
[Table1] √
[TableN] √
READ WRITE
NA AA UA DA BA FA
[Table1] √
[TableN] √
Legend:
NA No Access
AA Author Access
UA Unit Access
DA Department Access
BA Branch Access
FA Full Access
Every table has the following LongINT “Head Fields” :
UserIDRefCreated
UserIDRefModified
xCorpCreated
xBranchCreated
xDepartmentCreated
xUnitCreated
Every time a user accesses a table, his rights (arrays, see above) are
applied.
Granted, implementing this in an existing application will take some doing, but
it could be worth it.
For instance, if someone within an organisation changes to a different branch but
will hold the “same” position, no access rights have to be adjusted and the
data from the former branch/department/etc. cannot be accessed any more.
HTH
Cheers
Jörg
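
The record-level check described in the message above, as an added example in Python (not code from the original post and not 4D code). The User and Record shapes, the function names and the sample values are hypothetical; it assumes the scopes nest (author within unit within department within branch within corp) and that a read-write grant also allows reading.

```python
from dataclasses import dataclass, replace
from enum import IntEnum

# Legend from the message: No / Author / Unit / Department / Branch / Full Access
Scope = IntEnum("Scope", "NA AA UA DA BA FA", start=0)

@dataclass(frozen=True)
class User:  # hypothetical shape of a [Staff] row plus its two rights arrays
    user_id: int
    corp: int
    branch: int
    department: int
    unit: int
    read_only: dict   # table name -> Scope
    read_write: dict  # table name -> Scope

@dataclass(frozen=True)
class Record:  # only the "head fields" named in the message
    table: str
    UserIDRefCreated: int
    xCorpCreated: int
    xBranchCreated: int
    xDepartmentCreated: int
    xUnitCreated: int

# Assumption: each scope is nested in the next wider one, FA stops at the corp.
DEPTH = {Scope.FA: 1, Scope.BA: 2, Scope.DA: 3, Scope.UA: 4, Scope.AA: 5}

def in_scope(user, rec, scope):
    same = [user.corp == rec.xCorpCreated,
            user.branch == rec.xBranchCreated,
            user.department == rec.xDepartmentCreated,
            user.unit == rec.xUnitCreated,
            user.user_id == rec.UserIDRefCreated]
    depth = DEPTH.get(scope, 0)  # NA or unknown value -> deny
    return depth > 0 and all(same[:depth])

def can_access(user, rec, write=False):
    # Tables missing from a rights array default to NA (deny by default).
    rw = in_scope(user, rec, user.read_write.get(rec.table, Scope.NA))
    if write:
        return rw
    # Assumption: a read-write grant also allows reading.
    return rw or in_scope(user, rec, user.read_only.get(rec.table, Scope.NA))

# Constructed sample data
USER = User(7, 1, 10, 100, 1000, {"Invoices": Scope.BA}, {"Invoices": Scope.AA})
OWN = Record("Invoices", 7, 1, 10, 100, 1000)
COLLEAGUE = Record("Invoices", 8, 1, 10, 200, 2000)
MOVED = replace(USER, branch=20, department=300, unit=3000)  # same rights, new branch
```

MOVED keeps the same rights arrays as USER, yet neither record from branch 10 is reachable any more, which is the branch-change behaviour the message describes.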