home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Libris Britannia 4
/
science library(b).zip
/
science library(b)
/
PROGRAMM
/
DB_CLIPP
/
0669.ZIP
/
DBPASSWD.DOC
< prev
next >
Wrap
Text File
|
1985-12-30
|
4KB
|
79 lines
The short programs included here will enable you to design applications
that include a system-use log and password-protected entry to the
system. The password-protection scheme is a simple one - it allows
individuals to log on to a system, and tracks the amount of time the
individual spends logged on. Several relatively easy modifications can
be made to include information about projects being worked on (if
you were using this for client billing, for example), or, by assigning
acess levels to each user, to restrict access to various levels of a
multi-level program. The dBase III TIME() function can also be
manipulated to allow you to calculate elapsed time on the system (for
those who don't want to calculate it themselves).
If a greater level of security is required for your application, these
programs allow for encryption/decryption of passwords so that the
database containing user names does not contain the actual password.
Unfortunately, dBASE III doesn't lend itself very well to security, so
the method is by no means foolproof, but it should suffice to prevent
accidental discovery of passwords. If the application is compiled
using either Clipper or Wordtech's DBIII Compiler, the security would
be vastly improved.
The method of password encryption is not tremendously sophisticated,
but it works, and unless you read the .PRG file it would take a while
to break it. The encoding key is the length of the password. After
the password is entered, the word is parsed through a DO WHILE loop,
and each character's ASCII value is incremented by a value equal to the
length of the password. This new ASCII value is then converted back to
a letter or character, and concatenated onto the new, encrypted
password. The decryption module just reverses this process. You're
welcome to substitute any other method if you're not happy with this
one.
Logon and logoff times are entered into a system log database. This is
the part of the program I left wide open to user modification. You may
want to add more information to the SYSLOG database; using the dBase
III REPORT commands, you can design a report to extract information in
any format you want. This database cannot be INDEXed (during logoff,
the program assumes that the last record in the file is the current
record, which won't work if the file is INDEXed), so you will have to
either set up a SORT, or modify the program to allow INDEXing on the
field you are interested in.
There are 9 files in this package:
1. DBPASSWD.DOC - This file.
2. SETPASS.PRG - Command file which creates user-name/password pairs.
3. LOGON.PRG - Command file for verifying user-name/password, and
allowing user to access the system.
4. ENCRYPT.PRG - Procedure to encrypt password.
5. DECRYPT.PRG - Procedure to decrypt password.
6. MAINMENU.PRG - Sample menu program for demonstration purposes.
7. LOGON.DBF - Database file to store user-name/password pairs.
8. LOGON.NDX - Index file for LOGON.DBF - keyed to user-name.
9. SYSLOG.DBF - System-use database.
The first program that must be run is SETPASS. This allows you to
create user-name/password pairs. User-name is limited to 15
characters; passwords must be 10 characters or less. SETPASS includes
a call to ENCRYPT, which will store an encrypted password in the LOGON
database. If encryption isn't wanted, the call can be stripped out of
the program without making any other changes.
Once passwords have been created, you can use LOGON to access the
system you're protecting. LOGON includes a call to DECRYPT, which will
decode the encrypted password. If you've stripped out the encrypting
procedure, you'd better strip out DECRYPT also, or the program will go
down in flames. Again, the call can be stripped out without any other
changes.
LOGON allows three shots at the password. After the third unsuccessful
attempt, the user is dumped out of dBase to the system prompt. If there
is a successful logon, the user, date, and time are recorded in the
SYSLOG database. Assuming the user exits the program correctly, the
logoff time will also be recorded.
SYSLOG can be examined either by LISTing the file or by creating a
report. One final note: I wrote the command files using my own
preference in screen color. You may want to modify the SET COLOR
lines.