MATLAB Answers

Login and password in matlab

68 views (last 30 days)
Ankur Bawiskar
Ankur Bawiskar on 19 Mar 2012
i want to have a authentication code that asks username and password to user using ms-access and database is created in MS-access..when login is successful i.e. on button click then only further .m file should run..please help in this case..

Answers (5)

Sean de Wolski
Sean de Wolski on 19 Mar 2012
You could use pcode to pcode your *.m file that does the check.
doc pcode

Walter Roberson
Walter Roberson on 19 Mar 2012
There are password-related utilities in the MATLAB File Exchange.
However, pcoding your file can still be important in order to protect any hard-coded passwords.

Aldin
Aldin on 19 Mar 2012
At first you have to know how to make a connection with ms - access in MATLAB. Than write a SQL Query for select all usernames and passwords from your database. And finally check out with for loop if the entered username and password is the same as in your database. That's it.
  1 Comment
Walter Roberson
Walter Roberson on 19 Mar 2012
So I put in a breakpoint after the SQL Query, and look at the query result and I have all the usernames and passwords *right there* ??
I don't think so.
You prompt for a username. You prompt for a password, doing it in such a way that the password is not visible to the user. You do a query on that username and password combination. If you get back no records, complain that the username and password combination do not exist.
Do *not* query the database for the username and give an error if there is no entry for it before you've even asked for the password: that gives clues about which usernames actually exist, whereas if you query the combination then you just get back a response about the combination, which doesn't help an attacker figure out whether the username was wrong or the password was wrong.
Using trap-door encryption on the passwords is also a good idea.
http://en.wikipedia.org/wiki/Trapdoor_function

Sign in to comment.


Jan
Jan on 19 Mar 2012
It is extremly hard to securely conceal a password inside a P-file. Most of the methods to store or compare a string inside a function can be fooled by e.g. the debugger, locally injected variables or shadowed built-in function. Neither a trapdoor nor a 256 AES encryption helps, because a cheater can catch and modify the output of the comparison easily.
The only protection in P-coded files is that you cannot open them in the editor. As long as the user can step through a P-file line by line in the debugger, the high-tech encryption of the P-files is relatively ludicrous.
Therefore I suggest an M->C->Exe conversion for a password protection. Some standard ideas for secure identification:
  1. Never store passwords in clear text - use a hash function instead.
  2. Add salt to the hash, because too many users still use "Password1" or "123456", which can broken by a lookup table in some microseconds.
  3. No amateurish protection for professional software - although some famous software manufactures do not follow this rule.

Diego
Diego on 6 May 2012
The truth is, if you are looking for a secure system, don't use MSAccess. I love it and I work a lot with it.
But unfortunately MSAccess is not secure by any means.
No matter how deep you go into looking for security, it can be broken by automation in the end.
I think MS realize this and that's the reason in the newer versions of MSAccess (since 2007) you don't see those "security" tools you had in previous versions.
I'm telling you this because from my point of view nothing is worst than thinking you have a "protected" database when you don't.
As far as I remember some people of utteraccess did a great job building a security system for MSAccess, but still it has the automation problem.
So, my advice is use the tools both Matlab and MSAccess offer you, but don't break your head too much trying to make a bullet-proof app in security terms.
Regards,
Diego

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!