Table Input Mask: Password (1 Viewer)

[XelaIrodavlas]

Hi all,

Can anyone explain to me how the Input Mask's work (field property within a table)? I'm trying to setup a table with Fields for a Username(txtUser) and Password (txtPwd), the latter of which I've setup with 'password' in it's Input Mask property. So all I see is a string of asterisks (*) hooray.

Except that isn't all I see...

Turns out it's possible to extract the password by querying the table elsewhere: If I call the password field directly with SELECT MyTable.txtPwd, it returns a string of asterisks as expected, but if I add a simple string to the query, SELECT "ShowMe: " & [txtPwd] AS Expr1 I get the result "ShowMe: BobsPassword!"

I can pull off the same trick in a form by setting a TextBox Control Source to = "ShowMe: " & [txtPwd]. Which all means if someone wanted to break in, they could simply create a new Access application, Link to the back-end database, find the table with the password information, and print off a list of everyone's passwords with a very simple query...

Clearly Input Masks aren't a good way to protect passwords, so what good are they? Feels like a red herring honestly.

Is there an alternative way to store / protect passwords?

All thoughts appreciated

Thanks,

 

[Isaac]

Clearly Input Masks aren't a good way to protect passwords, so what good are they?

I think they're just good for "looking over someone's shoulder as they type" security. You might need to encrypt/decrypt the password. I think isladogs has a lot of material on that

 

[Pat Hartman]

Access databases are not secure so a lot of the "security" features are smoke and mirrors. If you are worried about data security, use SQL Server or some other RDBMS for the BE.