Security module required for developed software

Asked By 20 points N/A Posted on -
qa-featured

Hi,

I have developed a software for a company. They want to add security rights in it. Their requirements are to assign tasks to their employees separately, with separate user name and passwords.

The issue is that: an employee who is not authorized for a task, should not be able to view  that task, that particular task should be invisible for him.  Is it possible when I am working with VB.60 and SQL server?

Thanks!

SHARE
Best Answer by Kate_spears
Best Answer
Best Answer
Answered By 0 points N/A #91579

Security module required for developed software

qa-featured

Hi Fari2,

Implementing user-rights management is simple to begin with, but quite difficult to master.

I cannot give you the actual code, but I can give you an idea of concepts that would help you write the code you need. Basically you want to keep usernames and passwords hashed in a database, then maybe add a field to indicate permissions, department they belong to etc. Just keep these in mind:
 

  • Sanitize user input – do NOT use unclean user input directly in a database query (such as when checking for username / password for login). Be mindful of SQL injection and XSS attacks.
  • Store sensitive information using encryption. For authentication items like passwords, it is good practice to use 1-way encryption combined with 'salting'. For example, instead of just storing an MD5 sum of the a password directly, append a long character string before getting the MD5.


I am sure other users should be able to pitch in additional information.  So just be patient and think things out before you code.

Hope this helps

Answered By 10 points N/A #91580

Security module required for developed software

qa-featured

In this case, simply you need to develop a security module with working like:

Separate username and passwords for all employees.

Add the list of all forms in the database.

Develop a form with the list of all forms, with check boxes for each item in the list.

When you are making a new user for your database, specify his authorized forms and save that in the database.

And when that user logged on, firstly check the list of forms authorized for him.

Just make invisible the authorized forms, and hide others.

Make sure that this complete process is controlled by administrator or authorized user.

Answered By 20 points N/A #91581

Security module required for developed software

qa-featured

Very informative question. Waiting for the solution.

Answered By 20 points N/A #91582

Security module required for developed software

qa-featured

I have developed a form with the facility of adding, editing and deleting the information of employees. And another form is also there, where we can make the username and passwords for the already saved employees.

Now the issue is, how can I save the list of the forms attached in the project? I am working with the additional component for the main menu instead of a built-in menu for VB.60 projects. And in database, where can I save the list of authorized forms for a user? In the table of employee or a new table is required?

Help me in detail, waiting

Related Questions