As has been commented, if you're on dbf's they are inherently insecure (how sensitive is the data? if *very* then migrate to a dbms), but a clear-text userId hashed and used as an index against a file of hashed Id's seems pretty good to me. I have done something similar (though for more users and using a dbms and domain userids) :- to keep things manageable all users were a member of one *or more* 'groups' (groups table); each group had a list of fields it could access (fields table); when a user started the program (from a departmental file-server or possibly a pc) it first created a local ('C drive') dbc view on-the-fly from an spt select on the groups/fields tables (followed by some code 'borrowed' from MakeUpdateable.prg); the main menu could also be modified on-the-fly to en/disable some 'special' functions.
On 08/03/2016 01:16, John R. Sowden wrote:
Your comment: Yes, that is one area of concern. Is my way best, etc. But my other concern is how the program receives that data of ID and Access Level, and how is that data packaged. Is that process a security risk. My usage is simple and often simple is easy to bypass.
Example: I have 10 security levels. I ID each user from 0 to 9. Maybe that is too simple to avoid tampering. I have 10ish employees, so I have 20 ID 'numbers'. That is also easy to tamper with. These are my concerns.
John
On 03/07/2016 09:33 AM, Peter Cushing wrote:
On 07/03/2016 17:16, John R. Sowden wrote:
Let me address a few issues:
- My question was regarding making the software association between
the user data in the user database, along with his/her authority level and id, and the executing program.
Are you talking about a better way to limit/change which programs that the user is allowed to run? If so I can explain how we do it and that might help.
Peter
This communication is intended for the person or organisation to whom it is addressed. The contents are confidential and may be protected in law. Unauthorised use, copying or disclosure of any of it may be unlawful. If you have received this message in error, please notify us immediately by telephone or email. www.whisperingsmith.com
Whispering Smith Ltd Head Office:61 Great Ducie Street, Manchester M3 1RR. Tel:0161 831 3700 Fax:0161 831 3715 London Office:17-19 Foley Street, London W1W 6DW Tel:0207 299 7960
[excessive quoting removed by server]