| Subject | Re: Create users or roles |
|---|---|
| Author | Nick Sydenham |
| Post date | 2004-02-27T12:57Z |
Rick,
Spot on. Good job I asked as I would never have figured it out myself.
I take it the double encryption is to make the password harder to decrypt?
Nick
Spot on. Good job I asked as I would never have figured it out myself.
I take it the double encryption is to make the password harder to decrypt?
Nick
--- In Firebird-Java@yahoogroups.com, "Rick Fincher" <rnf@t...> wrote:
> Hi Nick,
>
> From the commandline it looks like this:
>
> JCrypt "masterkey" with salt of 9z:
>
> C:\myProjects\jcrypt>java JCrypt 9z masterkey
> [9z] [masterkey] => [9zQP3LMZ/MJh.]
>
> Strip the salt off the result (the "9z" at the beginning) and JCrypt it
> again using 9z as salt:
>
> C:\myProjects\jcrypt>java JCrypt 9z QP3LMZ/MJh.
> [9z] [QP3LMZ/MJh.] => [9zn2zpJI3qBh2]
>
> Now strip the salt off the result (again the 9z at the beginning)
and you
> get: n2zpJI3qBh2
>
> That should be in your password database, at least it was in my isc4.gdb
> database under Firebird 1.0.
>
> Is that what you were doing or did it change for Firebird 1.5 and the
> security.fdb database?
>
>
> Rick
>
> ----- Original Message -----
>
> > Hi Rick,
> >
> > Getting closer...
> >
> > Does it matter that when I use JCrypt to encrypt 'masterkey' it
> > doesn't look the same as the password in security.fdb?
> >
> > Nick
> >
> > --- In Firebird-Java@yahoogroups.com, "Rick Fincher" <rnf@t...> wrote:
> > > Hi Nick,
> > >
> > > Below is a code example from Phil, who implemented JCrypt to encode
> > > passwords. I 'll put this in the FAQ.
> > >
> > > Rick
> > >
> > > > You need to implement the crypt function to generate
> > > > the password.
> > > >
> > > > I have given an example bellow of the calls to the
> > > > crypt function.
> > > >
> > > > Using gsec, a user can see the processes running
> > > > and get the new and
> > > > old password !
> > > >
> > > > To create a user, generate the password, then
> > > > create an entry in the
> > > > security database for the user.
> > > >
> > > > The Firebird and Interbase security database is
> > > > named isc4.gdb, V7
> > > > uses admin.ib.
> > > >
> > > > // Create the user and set the password
> > > >
> > > > // Get the encrypted password.
> > > > String s1 = JCrypt.crypt("9z", sLoginPassword);
> > > > // Remove the salt
> > > > s1 = s1.substring(2, s1.length());
> > > > String s2 = JCrypt.crypt("9z", s1);
> > > > // Remove the salt
> > > > s2 = s2.substring(2, s2.length());
> > > > sLoginPassword = s2;
> > > >
> > > > I have put the impl of JCrypt into the files
> > > > section,
> > > >
> > > > Good Luck,
> > > >
> > > > From,
> > > >
> > > > Phill
> > > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Nick Sydenham" <nsydenham@y...>
> > > To: <Firebird-Java@yahoogroups.com>
> > > Sent: Friday, February 20, 2004 6:19 AM
> > > Subject: [Firebird-Java] Re: Create users or roles
> > >
> > >
> > > > Rick,
> > > >
> > > > That helps a lot, unfortunately I don't have much of an idea
how to
> > > > use the JCrypt class. What salt does Firebird use if at all?
> > > >
> > > > Nick
> > > >
> > > > --- In Firebird-Java@yahoogroups.com, "Rick Fincher"
<rnf@t...> wrote:
> > > > > Hi Nick,
> > > > >
> > > > > Yes, you just have to work with the user database, typically
> > > > isc4.gdb. The
> > > > > hardest part is the encoding of the passwords.
> > > > >
> > > > > A package is in the download area of this group on
> > yahoogroups.com that
> > > > > handles encoding/decoding the passwords for you.
> > > > >
> > > > > Roles are stored in the system database RDB$ROLES.
> > > > >
> > > > > Hope this helps,
> > > > >
> > > > > Rick
> > > > >
> > > > > ----- Original Message -----
> > > > >
> > > > > > Is it possible using Java to create and manipulate users
and roles
> > > > > > within Firebird?
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > >
> > > > Yahoo! Groups Links
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> >
> >