Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » ElevateDB Technical Support » Support Forums » ElevateDB General » View Thread |
Messages 1 to 5 of 5 total |
Create User with password that's not typable characters? |
Wed, Sep 12 2012 7:56 PM | Permanent Link |
IQA | Hi All,
Just wondering if it's possible to create a User in EDB that would use characters or something that people can't physically type using a standard keybaord. At least not without alot of hassle ? Reason I ask is, I want a way for support staff to be able to reset passwords for users without having fixed logins. (i.e one support person maybe looking after 100 clients sites) I'm going to have a revolving code based partly on current date and other things, they enter this changing code, which then uses the non typable user to gain access and reset certain passwords. I hope that makes sense. Thanks, Phil. |
Wed, Sep 12 2012 9:31 PM | Permanent Link |
Raul Team Elevate | How do you plan to type it into your program in the first place ?! You could use characters that are not on regular US keyboard (for example Alt+0223) if clients are in US. Or even see if you can enter non-printable ones (meaning ones below ascii 32). However one can use Character Map utility to build any kind of a string and then just copy it to clipboard or if i know what the password is enter it using codes so trick will be to hide the password. Raul On 9/12/2012 7:56 PM, Phil wrote: > ust wondering if it's possible to create a User in EDB that would use > characters or something that people can't physically type using a > standard keybaord. At least not without alot of hassle ? > > Reason I ask is, I want a way for support staff to be able to reset > passwords for users without having fixed logins. (i.e one support person > maybe looking after 100 clients sites) > > I'm going to have a revolving code based partly on current date and > other things, they enter this changing code, which then uses the non > typable user to gain access and reset certain passwords. > > I hope that makes sense. |
Thu, Sep 13 2012 3:42 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Phil
Its easy to create, and log in using software - any old characters will do since its just a string field. However, depending on how complex you make it, it will be extremely difficult for even authorised people to log in. I can foresee a number of problems eg: how are you going to log in to set up this password - or is this an example of recursion entering the password would need a special utility or lots of patience as they use alt and the number pad if any of the users get hold of ElevateDB and have the right access level they can view the passwords Personally I would have a utility app, a user with an impossible to type password, and when the app is run have a two or three level additional authentication built in. That could have a variable security system providing that the support person using it could easily (ie without visible pencil and paper) work out the password. eg: level1 - add day, month, year and enter the result level2: - enter own id & password level3: - add day & hour & month and enter result Roy Lambert [Team Elevate] |
Sat, Sep 15 2012 12:17 PM | Permanent Link |
Barry | Phil wrote:
>>Just wondering if it's possible to create a User in EDB that would use >>characters or something that people can't physically type using a >>standard keybaord. At least not without alot of hassle ? Why not just do an MD5 on the password with a salt? EDB does something like this internally before storing the password, but there is nothing preventing you from doing this before EDB gets the password. You can restrict certain forms to use this MD5 fcn which makes it very hard for other forms to replicate it. If you want to make things really difficult for people, you could store this MD5 function on a thumb drive that you carry with you and the MD5 calculation is NOT calculated in your forms at all. You have to run the password like "secret" through the thumb drive application to get a 32 character string and then copy and paste it into the password screen. There is an excellent free online password generator called LastPass.com that will not only generate a cryptic password for a website, but will automatically log you in (after you authenticate). If you're not using LastPass for storing login passwords for websites, you should at least consider using it. It is very good and also very portable. Barry |
Sun, Sep 16 2012 10:58 PM | Permanent Link |
Raul Team Elevate | Barry,
I'm not sure this would work for Phil's scenario - AFAIK he wants to use a "special" user in all his EDB installs that can reset other users passwords. The support staff can use his utility app with rotating daily password but then that utility app just uses the "special" login. How does one protect the "magic" login from users while still allowing the exact same user to run the utility app ? Raul On 9/15/2012 12:17 PM, Barry wrote: > Phil wrote: > > Why not just do an MD5 on the password with a salt? EDB does something like this internally before storing the password, but there is nothing preventing you from doing this before EDB gets the password. You can restrict certain forms to use this MD5 fcn which makes it very hard for other forms to replicate it. > > If you want to make things really difficult for people, you could store this MD5 function on a thumb drive that you carry with you and the MD5 calculation is NOT calculated in your forms at all. You have to run the password like "secret" through the thumb drive application to get a 32 character string and then copy and paste it into the password screen. > > There is an excellent free online password generator called LastPass.com that will not only generate a cryptic password for a website, but will automatically log you in (after you authenticate). If you're not using LastPass for storing login passwords for websites, you should at least consider using it. It is very good and also very portable. > > Barry > |
This web page was last updated on Tuesday, May 7, 2024 at 06:25 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |