1) create new user, the password doesn't seem to tally with the one that I enter
2) how to use sha256 when creating new user
3) if I import a list of passwords with sha256 values, how do I make the login work
Or is there any other way to encrypt the password other than set the input value as password?
1. Your password isn't what you expect--so track it back--is Me.Password.Value the input you are typing the desired password into?
2. You need a function to implement the SHA256 hash in VBA. You could read the specs and write the code yourself, but it's 2021 and the world is full of coders--start googling.
3. First some vocabulary. 'A Hash' is the output of an encryption method. Let's say you find that code and have a function that converts a password to SHA256. The function 'hashes' the password. You pass it the password string and it returns a hash of that password:
Code:
Dim str_HashedPassword As String
' VBA string literals use double quotes; a single quote starts a comment
str_HashedPassword = SHA256("YourPasswordHere")
So 'c829166dfbbe85995d419b81aaf7af77b390cd4f1a4d23909a2f30554ac7c39e' is now in str_HashedPassword. 'YourPasswordHere' should not be in your database, that long string of gibberish should be stored instead. What you have is wrong--you should be storing the hash and not the actual password.
Now, when you want to compare passwords to verify users--you hash their input and compare it to what's stored. You would change your login strSQL form code to this:
Code:
Private Sub login_Click()
..
strSQL = "Select username FROM tbluser WHERE Username = """ & Me.Username.Value & """ AND Password = """ & SHA256(Me.Password.Value) & """"
...
This way, no one can ever break into the database and grab actual passwords--they are never stored--just the hashes are and they don't know what to input into the SHA256() to generate those values.
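An added example, not part of any post in this thread: one way to write the SHA256() function and the hash comparison described in the reply above, with the username bound as a query parameter instead of concatenated into the SQL. The names tbluser, Username and Password come from the thread; CheckLogin and pUser are hypothetical, and the hash is computed through the .NET Framework's COM-visible classes, which is an assumption about the machine rather than the poster's method.

```vba
Option Compare Database
Option Explicit

' Returns the lowercase hex SHA-256 digest of a string (UTF-8 encoded).
' Assumption: the .NET Framework COM-visible classes are installed.
Public Function SHA256(ByVal sText As String) As String
    Dim enc As Object, sha As Object
    Dim bytes() As Byte, hash() As Byte
    Dim i As Long, sHex As String

    Set enc = CreateObject("System.Text.UTF8Encoding")
    Set sha = CreateObject("System.Security.Cryptography.SHA256Managed")
    bytes = enc.GetBytes_4(sText)
    hash = sha.ComputeHash_2((bytes))

    ' Two hex digits per byte, zero-padded
    For i = LBound(hash) To UBound(hash)
        sHex = sHex & LCase$(Right$("0" & Hex$(hash(i)), 2))
    Next i
    SHA256 = sHex
End Function

' True when tbluser holds a row for this username whose stored hash
' matches the hash of the typed password. The username is bound as a
' parameter, so quotes typed into the form cannot change the SQL.
Public Function CheckLogin(ByVal sUser As String, _
                           ByVal sPassword As String) As Boolean
    Dim qdf As DAO.QueryDef, rs As DAO.Recordset

    Set qdf = CurrentDb.CreateQueryDef("", _
        "PARAMETERS pUser Text(255); " & _
        "SELECT [Password] FROM tbluser WHERE Username = [pUser];")
    qdf.Parameters("pUser").Value = sUser
    Set rs = qdf.OpenRecordset(dbOpenSnapshot)

    If Not rs.EOF Then
        ' LCase$ lets imported hashes in upper-case hex still match
        CheckLogin = (StrComp(LCase$(Nz(rs![Password], "")), _
                              SHA256(sPassword), vbBinaryCompare) = 0)
    End If
    rs.Close
    qdf.Close
End Function
```

In the login form, `If CheckLogin(Me.Username.Value, Me.Password.Value) Then ...` replaces the concatenated strSQL lookup; the same SHA256() call is used when saving a new user so the table only ever receives the hash.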
I have tried your Access file and am still trying to digest it. But at the same time, I added a security level in the create new user form. However, I have some difficulties in saving the combo box value to the table.
And with the security level, I will have a navigation form. How do I allow only Admin user to access create new user form?
Have a look at my example database which uses RC4 encryption: Password Login - Mendip Data Systems
Attached is a slightly newer version of the app than that available from my website
Yes, the form is able to open, and when logging in as a normal user, the create new user is greyed out. Is it possible if I create 2 different navigation forms (1 for admin and 1 for normal user)? If logging in as admin, it will show the admin navigation form?
I tried to create a new user and I have an error, as attached.