0

I want to disable all buttons on my forms in windows application if user is not from the Admin group. I have already made a database containing a table with user info having following fields username,password and user group.

Mohsin Raza Alvi
  • 1
  • 1

1 Answers1

0

You'd be better off creating different database users that can/cannot perform those operations in the db, because it's quite easy to re-enable a button using a window spy type program. Here's a link to a codeproject project where true author creates a simple app to re-enable disabled controls (to guard against link rot the essence of it is to find the handle of the control and call EnableWindow, send it a WM_ENABLE and set its style of WM_DISABLED to false). See also this article: 6 programs to forcefully enable disabled controls

The main thing I'm pointing out here is that these programs are nothing to do with your app. If I'm a user with hacker leanings and I find out the only way you protected your low level users against making db updates is by disabling the update button I'll just use an app to force your button enabled again and click it anyway. This level of security importance should be managed elsewhere

If you only want to have two db users and then roll your own users table you should start out your app using the readonly db user in the connection string and do the login, and if the user is an admin, alter the connection string to use the db user that can update

To be clear, when I say "db user" I mean a user/login for sql server like sa, I do not mean "an entry in the users table that represents a person that uses your peogram`. One login would have db_datareader privileged, another would have db_owner etc (SQL server nomenclature)

If you're still desperate to change the buttons see here for techniques that can enumerate all the buttons on a form: How to get ALL child controls of a Windows Forms form of a specific type (Button/Textbox)?

Be consistent about the naming of your buttons and you can then determine if it's an update button by eg the name containing "update"

Caius Jard
  • 72,509
  • 5
  • 49
  • 80
  • So i should design a new database and application for security and integrate both the applications. This is what you mean ? – Mohsin Raza Alvi Mar 03 '20 at 13:54
  • No, that's not what I mean. I mean do your security some other way than disabling the buttons. Disable the buttons if you want but don't let it be your only security – Caius Jard Mar 03 '20 at 13:57