Let me address a few issues:
1) My question was regarding making the software association between the user data in the user database, along with his/her authority level and id, and the executing program.
2) The security issue of my .dbf files is another issue. First, I link some data to other databases, the association being in the program. Secondly, I encrypt certain fields (actually very few-name, etc.). Thirdly, I lock the .dbf so it cannot be accessed by the excels of the world. Finally, I perform non-computer security procedures regarding data security. (How's that for being vague? :) )
I used to compare the entered plaintext password to the decrypted password for authentication. This was back in the 1990's before I learned how Linux does it. What happened is I learned how someone else solves the problem, liked the idea, and use it. I am using the same theory here regarding associating the user data with my program. That is why I showed the simple code that I use. I will not mention my security concern regarding how I associate the data to the program. I am hoping that someone out there will recognize the errors of my ways, and show me a better way to solve it.
I consider security to be a series of chain links. I attack them individually, not as a big blob.
John
On 03/05/2016 03:18 PM, John R. Sowden wrote:
applications that I use need to be secure and have an audit trail. I encrypt entered passwords, compare them to encrypted stored passwords, ala linux. I am comfortable with that. My concern is relating the authorized user, with their access level to the actual programs. Currently I use the: if choice='A' .and. x=5 .and. y > 3 do the procedure endif where x is theuser's id number and Y is the user's access level. I use fp/dos 2.6. I encrypt my source on compiling. I don't use variable names that are too descriptive. I do other things to keep a program from running on a computer that is not mine.
Any thoughts on a better way to connect the user data with the application?
John
--- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html
[excessive quoting removed by server]