I have a VB application which connects to a SQL Server db. I need to give a user name and password to login to the application. This password which is stored in the database is encrypted. But I need a method by which I can prevent someone from going directly to the database and then deleting the password and logging to the application with a blank password

hi,

if user know database password, i think we can't prevent him if he really want to delete the password.

but in vb application we can stop user with password blank by cheking the password lenth. any how we restrict passwords. like ( pwd should consis of more then six characters, it should not same as user name ..ect)

think of it if usefull..

enjoy vb programming...

all the best

You can add a restraint to the database column to not allow Nulls and also set the length / type of data required.

Otherwise, srikanthvja is right. You shouldn't provide access to the database directly.

My tips:

1) change VB application so it connect with real database user login (not a table stored password but in one login account)

2) If not 1) than: Users cannot know real login information from your SQL Server database! If they don't know it than they cannot do anything (only by VB application which internally knows a password)

3) If not 1-2) than: change VB application so user cannot login if there is no valid entry in passwords table. That will teach them not to delete passwords :D .

Best regards,
Krzemo.

PS: I would strongly advise to use SQL security which allows U to differentiate and fine tune permissions on database.