                          **    dBPASS v1.0    **
                       Password routines for dBase IV
                            by Frederico Terenas
                                  11-03-92

 
       This package contains some simple routines to implement password 
    protection in dBase IV applications.

       The need for password protection occurred recently, when usage of 
    a commercial application I developed which stored important technical
    services information had to be restricted to the officer-in-charge. 
       
       Many thanks to my brother Srgio, for devising this simple (yet
    efficient) encryption method (more about this later) and everyone
    in groups comp.databases and bit.listserv.dbase-l who helped me.

       This package is published as shareware and you are encouraged to
    distribute it provided it is complete and no fees are charged
    (a small fee can be charged to cover distribution costs). The source
    code can be freely changed to suit particular requirements.

       Users are urged to register with me so I can provide further
    technical support, and upgrades. Registration is FREE. 

       To register, please E-mail me at: 

                       cs_a264@Kingston.ac.uk

       or send a letter to:

                       Frederico Terenas
                       Matto Grosso 1459
                       Las condes
                       Santiago
                       CHILE

      stating your E-mail address (or postal address) and any thing
      else you want to ask the author.

      I expect no money from anyone! If I see that there is enough
   interest from the database community, I will provide further routines,
   using different password encryption methods. Some of these methods
   are being studied at present. Please, support the author, by pointing
   out improvements, suggestions, or any bugs you find.


    The package comprises 3 program files:

    ===============================================================
    PASSCHEK.PRG  -  Routine to check that password typed at the
                     keyboard matches the one stored in file,

    PASSEDIT.PRG  -  Routine to change the password store in the
                     file. You must type the current password in
                     order to change it,

    DEMODBPW.PRG  -  Simple program to demo use of routines.    
    ===============================================================








        The Encryption.

        The  chosen password is transformed via some algorithm in 
    order to be unrecognizable by other users, or people trying to 
    break into your system. The algorithm that performs this is in
    the file PASSEDIT.PRG .

        The algorithm in this version, gets the ordinal value of
    each character that makes up the password. Then it adds this value
    to a pre-determined value, the encryption factor (stored as ENC_FACTOR).
    You can change this value at any time. The new value, representing
    each character is stored in an array and saved to a .MEM file.
    This file, when viewed with the TYPE command of DOS, doesn't reveal
    the password, but some unreadable characters.


        Checking if typed password is correct.

        The routine that checks if the password typed is the same as
    the one stored in the .MEM file is PASSCHEK.PRG . If the password
    entered is incorrect it leaves the program running by issuing a
    CANCEL command. If the password entered is correct, control returns
    to the calling program and this program can proceed.

        Tip: Put a call to this routine at the beginning of your
             application. If the password isn't entered correctly,
             the routine forces your application to return to DOS.

 
        Changing password.

        The routine responsible for this is called PASSEDIT.PRG . 
     This routine prompts the user to type the current password, 
     checks if this matches the password stored in the .MEM file and
     only if it is correct allows the user to proceed and change the 
     password. Any character can be used, but users should beware
     of using spaces or characters other than those they can remember.
     The user is then prompted to enter the new password, and once
     more to make sure the user remembers the password previously 
     entered. If these don't match, the password remains unchanged.

        Tip: Don't use spaces in your password. This becomes confusing. 
             Use both numbers and letters. This should be difficult
             enough for someone unauthorised to guess.


        Disabling password verification.

        The user can make the password checking routine (PASSCHEK.PRG) 
     skip the password verification by changing the password to
     <RETURN> (pressing the RETURN key). When changing the password,
     after typing the current password (and this being accepted), 
     pressing <RETURN> twice causes the password to be disabled, that
     is, the password checking routine doesn't check for a password.
     Password verification can be restored by changing the current 
     password (which is pressing the RETURN key) to a new name, as 
     described previously.











        The Demo!

        The user should have an insight into the capabilities of this
     package and now should load dBase IV and run the program DEMODBPW.PRG
     for a demonstration of the routines in this package. The Demo is menu
     driven and easy to use. The source code for the Demo is included.

     The current password is:  FRED      (please NOTE capital letters)


     Good luck.

     Frederico Terenas
     e-mail: cs_a264@Kingston.ac.uk




