Password Storage

Most applications with built-in password security store the user name and password information in the underlying database.  While this is convenient and allows for easy administration, it isn’t always the most secure because a variety of users, mostly internal, have access to that information.  A malicious employee with access to password data can steal another user’s identity and forge bogus transactions.  This form of identity theft is commonly used by insiders to create fictitious customer accounts and then ship products to mail drops or to initiate credit card refunds to their own accounts.

One simple and effective defense against identity theft is to encrypt the password before storing it in the database, using one of several simple encryption protocols.  As part of its authentication protocol, the application program encrypts the clear text password the user enters and compares the result with the stored encrypted value.  This prevents unauthorized users from using the passwords because the clear text version isn’t stored in the database.
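The comparison described above, as an added example that is not part of this page or of Iron Speed Designer's generated code: the user table holds only a transformed value, the sign-in path transforms the entered password the same way and compares the two, and the clear text is never written to the table. The transform used here is a salted, iterated one-way hash (PBKDF2-HMAC-SHA256), chosen as an assumption in place of the unnamed "simple encryption protocols" the page mentions; the in-memory `USER_TABLE`, the user names and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the application's users table: user name -> stored record.
# Neither field is the clear text password, which is the property the page is after.
USER_TABLE = {}

SALT_BYTES = 16
ITERATIONS = 100_000  # assumed work factor for the example


def derive(clear_text: str, salt: bytes) -> bytes:
    """One-way transform of the clear text password (PBKDF2-HMAC-SHA256, assumed here)."""
    return hashlib.pbkdf2_hmac("sha256", clear_text.encode("utf-8"), salt, ITERATIONS)


def store_password(user_name: str, clear_text: str) -> None:
    """Write only the salt and the derived value to the table, never the clear text."""
    salt = os.urandom(SALT_BYTES)
    USER_TABLE[user_name] = {"salt": salt, "hash": derive(clear_text, salt)}


def authenticate(user_name: str, clear_text: str) -> bool:
    """Sign-in check: transform what the user typed and compare with the stored value."""
    record = USER_TABLE.get(user_name)
    if record is None:
        # Do the same amount of work for an unknown user so timing does not
        # reveal which user names exist.
        derive(clear_text, b"\x00" * SALT_BYTES)
        return False
    candidate = derive(clear_text, record["salt"])
    # Constant-time comparison of the two derived values.
    return hmac.compare_digest(candidate, record["hash"])


def clear_text_present(user_name: str, clear_text: str) -> bool:
    """What an insider reading the table can see: True only if the clear text leaked."""
    record = USER_TABLE[user_name]
    needle = clear_text.encode("utf-8")
    return needle in record["salt"] or needle in record["hash"]


if __name__ == "__main__":
    store_password("alice", "correct horse battery")
    store_password("bob", "correct horse battery")  # same password, different stored row
    print("alice signs in:", authenticate("alice", "correct horse battery"))
    print("wrong password:", authenticate("alice", "wrong"))
    print("rows for alice and bob match:", USER_TABLE["alice"]["hash"] == USER_TABLE["bob"]["hash"])
```

The per-user random salt is what keeps two users with the same password from producing identical rows, so someone with read access to the table cannot learn that one account's password works for another by comparing stored values.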

Iron Speed Designer can generate role-based security for your application using user name and password fields in your database, and not in any special tables created by Iron Speed Designer.  You can quickly and conveniently build applications on top of your existing database, using existing user names and passwords.  Adding simple but effective password encryption is easily accomplished by subclassing the automatically generated sign-in classes in the class hierarchy.

See Also

Application Security Management