Let me address a few issues:
1) My question was regarding making the software association between the
user data in the user database, along with his/her authority level and
id, and the executing program.
2) The security issue of my .dbf files is another issue. First, I link
some data to other databases, the association being in the program.
Secondly, I encrypt certain fields (actually very few-name, etc.).
Thirdly, I lock the .dbf so it cannot be accessed by the excels of the
world. Finally, I perform non-computer security procedures regarding
data security.
(How's that for being vague? :) )
I used to compare the entered plaintext password to the decrypted
password for authentication. This was back in the 1990's before I
learned how Linux does it. What happened is I learned how someone else
solves the problem, liked the idea, and use it. I am using the same
theory here regarding associating the user data with my program. That
is why I showed the simple code that I use. I will not mention my
security concern regarding how I associate the data to the program. I
am hoping that someone out there will recognize the errors of my ways,
and show me a better way to solve it.
I consider security to be a series of chain links. I attack them
individually, not as a big blob.
John
On 03/05/2016 03:18 PM, John R. Sowden wrote:
applications that I use need to be secure and have an audit trail. I
encrypt entered passwords, compare them to encrypted stored passwords,
ala linux. I am comfortable with that. My concern is relating the
authorized user, with their access level to the actual programs.
Currently I use the:
if choice='A' .and. x=5 .and. y > 3
do the procedure
endif
where x is theuser's id number and Y is the user's access level. I use
fp/dos 2.6. I encrypt my source on compiling. I don't use variable
names that are too descriptive. I do other things to keep a program
from running on a computer that is not mine.
Any thoughts on a better way to connect the user data with the
application?
John
--- StripMime Report -- processed MIME parts ---
multipart/alternative
text/plain (text body -- kept)
text/html
---
[excessive quoting removed by server]
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
