#176262 - 2007-05-14 05:27 PM Integrated windows authentication?
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
So I'm having an idea about a KiXforms app that is connected to a db. The db contains somewhat sensitive information and should only be accessible after auth.

Problem is it also has to be available offline (sales people on the road). So I was thinking an encrypted Access db with integrated windows auth.

Would it be possible to script the auth towards a cached user/pass on an xp machine?
_________________________
The tart is out there

#176273 - 2007-05-15 12:05 AM Re: Integrated windows authentication? [Re: masken]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
Shawn might be able to help you customize something since this is similar in practice perhaps to how he created his version of RunNas

Will have to wait to hear back from Shawn on that though as it's only a guess on my part. MS does not make an easy connection like that available to normal Admins without some actual code writing that I'm aware of.

#176280 - 2007-05-15 04:36 PM Re: Integrated windows authentication? [Re: masken]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
I'm not sure why this is an issue, maybe I don't understand what you are trying to do.

If the permissions on the access database files are restricted to a specific user / group this would apply whether you were on the corporate network or authenticated with cached credentials.

If you don't have read access to the files you cannot open the database.

#176282 - 2007-05-15 05:15 PM Re: Integrated windows authentication? [Re: Richard H.]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
@Richard, are you thinking about NTFS permissions? I want the auth in the db itself... I haven't elaborated further in Access encryption though so I really don't know how this works yet.
_________________________
The tart is out there

#176297 - 2007-05-16 06:31 AM Re: Integrated windows authentication? [Re: masken]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Don't think MS Access supports integrated Windows authentication. However, you can use the built-in authentication functions.
_________________________
There are two types of vessels, submarines and targets.

#176298 - 2007-05-16 06:37 AM Re: Integrated windows authentication? [Re: Sealeopard]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
I don't think most off the shelf software does, that's why a programmer has to write code to be the middle-man for the authentication.

#176303 - 2007-05-16 09:54 AM Re: Integrated windows authentication? [Re: NTDOC]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
If you are thinking about encrypting the data could you not simply encrypt the folder in which the database files and scripts are located using the built-in feature of XP?

Right-click folder->Properties->Advanced->Encrypt contents

Unfortunately it's disabled on our standard builds so I can't test here.

I know that the scripted method is more interesting, but if you are stuck for a solution then this simple method may do it for you.

#176326 - 2007-05-17 01:26 AM Re: Integrated windows authentication? [Re: Richard H.]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
Be forewarned though that removal of the account or even a password change of the account for the encrypted file/folders will result in non access even by an Administrator. I would read up on MS Encrypted folders before using and understand long term effects.

#176328 - 2007-05-17 09:51 AM Re: Integrated windows authentication? [Re: NTDOC]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
 Originally Posted By: NTDOC
Be forewarned though that removal of the account or even a password change of the account for the encrypted file/folders will result in non access even by an Administrator.


Sounds pretty secure to me ;)

I've done a bit of reading, and the encryption technique uses a public/private key pair, so I'm not sure why you think that a password change would be an issue (other than the user losing his key pair).

You can also designate a recovery agent, who will always be able to recover the data.

MS file system encryption best practices: http://support.microsoft.com/kb/223316/EN-US/

#176335 - 2007-05-18 03:04 AM Re: Integrated windows authentication? [Re: Richard H.]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
Not very secure if IT has a key now is it ;)

I would not think a password change would matter, however I've seen it happen on two different machines/users so it could be a fluke, but if the data is that important you shouldn't mess with something a bit flaky (but up to whomever chooses to use it). I use PGP for stuff I want to be reasonably secure, though I'm not sure that's where he wants to go with this. I think he just wants a hook into the MS Authentication that's easy which would be nice but I don't know of any easy way without coding it.

#176340 - 2007-05-18 09:49 AM Re: Integrated windows authentication? [Re: NTDOC]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
I found an old (Access 2000) KB article on security which was interesting reading:
http://support.microsoft.com/default.aspx?scid=kb;en-us;165009

Also interesting is that user level security has been dropped in Access 2007, though it will continue to support Access 2003 MDBs with user level security. I assume that this is because having all the security contexts on the computer makes it too easy to crack.

The only real user security which is not filesystem related that I can see in Access 2007 is securing the (entire) MDB file with a single fixed password which is used to encrypt the data.

So I don't think that hooking into Windows Authentication is going to help - other than providing a login to the application, which is really just window dressing.

#176375 - 2007-05-21 06:08 PM Re: Integrated windows authentication? [Re: NTDOC]
Shaba1 Offline
Fresh Scripter

Registered: 2005-08-20
Posts: 44
I need the same thing to a mysql database. I know I cannot ask my users to remember two passwords and they would complain if they had to enter a username and password more than once after they turned on the computer. I am just starting with kixtart so I have no solutions but I will watch this thread to see if someone comes up with one.

#176388 - 2007-05-22 09:55 AM Re: Integrated windows authentication? [Re: Shaba1]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
 Originally Posted By: Shaba1
I need the same thing to a mysql database.


Please start your own thread.

The answer to your question is in the MySQL security FAQ which you can find at http://dev.mysql.com/doc/refman/5.0/en/faqs-security.html#qandaitem-26-9-4

Specifically the entry:
 Quote:
26.9.4: Does MySQL 5.0 have built-in authentication against LDAP directories?

No. Support for external authentication methods is on the MySQL roadmap as a “rolling feature”, which means that we plan to implement it in the future, but we have not yet determined when this will be done.


In other words, no, there is no simple way to integrate AD authentication.

If you only need lightweight security, you could get around the problem by implementing a simple password system. Either use the username as a seed to generate a pseudo-random password, or use something like the user's SID as the password. This would allow you to automatically connect to the DB without making the user enter a password.

If you use the SID make sure that you reverse it, so that the most significant part is at the start!

The hash method is better, as it means users cannot easily guess the password of another user. It also means that you can later change all the passwords by tweaking the password generation mechanism if it is discovered - either by changing the password generation script or perhaps by keeping a "salt" value on a read-only share.

In either case, you will need to ensure that the script is tokenised, otherwise your users will be able to read / copy the code and break in.
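
The two derivation methods compared in the post above, as an added example that is not part of the original thread and is not KiXtart code: HMAC-SHA256 stands in for the unspecified hash, "reverse it" is read as plain string reversal, and the salts, SIDs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values; in the post the salt lives on a read-only share.
SALT_V1 = b"constructed-salt-2007-05"
SALT_V2 = b"constructed-salt-2007-06"
SID_ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SID_BOB = "S-1-5-21-1111111111-2222222222-3333333333-1105"


def derive_db_password(username: str, salt: bytes, length: int = 20) -> str:
    """Hash method: password = HMAC-SHA256(salt, normalised username)."""
    # Windows account names are case-insensitive, so normalise first.
    msg = username.strip().lower().encode("utf-8")
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    # URL-safe base64 keeps the value printable for a connection string.
    return base64.urlsafe_b64encode(digest).decode("ascii")[:length]


def reversed_sid(sid: str) -> str:
    """SID method, reading "reverse it" as plain string reversal (assumption)."""
    return sid[::-1]


def differing_positions(a: str, b: str) -> int:
    """Number of character positions at which two passwords differ."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def compare_methods() -> dict:
    """Show how much one user learns about a colleague's password."""
    sid_diff = differing_positions(reversed_sid(SID_ALICE), reversed_sid(SID_BOB))
    hash_diff = differing_positions(
        derive_db_password("alice", SALT_V1), derive_db_password("bob", SALT_V1)
    )
    rotated = derive_db_password("alice", SALT_V1) != derive_db_password("alice", SALT_V2)
    return {"sid_diff": sid_diff, "hash_diff": hash_diff, "salt_rotation_changes": rotated}


if __name__ == "__main__":
    print(compare_methods())
```

Two accounts in the same domain have SIDs that differ only in the final RID, so the reversed-SID passwords differ in a single character here, while the salted hashes share no useful structure and all change when the salt is rotated.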
