XelaIrodavlas
Registered User.
- Local time
- Today, 03:14
- Joined
- Oct 26, 2012
- Messages
- 174
Hi all,
Can anyone explain to me how the Input Mask's work (field property within a table)? I'm trying to setup a table with Fields for a Username(txtUser) and Password (txtPwd), the latter of which I've setup with 'password' in it's Input Mask property. So all I see is a string of asterisks (*) hooray.
Except that isn't all I see...
Turns out it's possible to extract the password by querying the table elsewhere: If I call the password field directly with
I can pull off the same trick in a form by setting a TextBox Control Source to = "ShowMe: " & [txtPwd]. Which all means if someone wanted to break in, they could simply create a new Access application, Link to the back-end database, find the table with the password information, and print off a list of everyone's passwords with a very simple query...
Clearly Input Masks aren't a good way to protect passwords, so what good are they? Feels like a red herring honestly.
Is there an alternative way to store / protect passwords?
All thoughts appreciated
Thanks,
Can anyone explain to me how the Input Mask's work (field property within a table)? I'm trying to setup a table with Fields for a Username(txtUser) and Password (txtPwd), the latter of which I've setup with 'password' in it's Input Mask property. So all I see is a string of asterisks (*) hooray.
Except that isn't all I see...
Turns out it's possible to extract the password by querying the table elsewhere: If I call the password field directly with
SELECT MyTable.txtPwd
, it returns a string of asterisks as expected, but if I add a simple string to the query, SELECT "ShowMe: " & [txtPwd] AS Expr1
I get the result "ShowMe: BobsPassword!"I can pull off the same trick in a form by setting a TextBox Control Source to = "ShowMe: " & [txtPwd]. Which all means if someone wanted to break in, they could simply create a new Access application, Link to the back-end database, find the table with the password information, and print off a list of everyone's passwords with a very simple query...
Clearly Input Masks aren't a good way to protect passwords, so what good are they? Feels like a red herring honestly.
Is there an alternative way to store / protect passwords?
All thoughts appreciated
Thanks,