Subject | Re: [Firebird-Java] Re: Create users or roles |
---|---|
Author | Rick Fincher |
Post date | 2004-02-28T07:05:13Z |
Hi Nick,

I think the idea is that you encrypt it once to transmit, that way the raw
password is not transmitted. Then the server encrypts what gets transmitted
again so that what is transmitted is not stored in the password database.

I'm not sure if that's how Interclient/Interserver worked, or not.

That's something to keep in mind when you use this in the clear, you will be
pulling the encrypted password over the net, so an eavesdropper could
intercept it and use it later for unauthorized access.

Rick
> Rick,
>
> Spot on. Good job I asked as I would never have figured it out myself.
> I take it the double encryption is to make the password harder to decrypt?
>
> Nick
>
> --- In Firebird-Java@yahoogroups.com, "Rick Fincher" <rnf@t...> wrote:
> > Hi Nick,
> >
> > From the commandline it looks like this:
> >
> > JCrypt "masterkey" with salt of 9z:
> >
> > C:\myProjects\jcrypt>java JCrypt 9z masterkey
> > [9z] [masterkey] => [9zQP3LMZ/MJh.]
> >
> > Strip the salt off the result (the "9z" at the beginning) and JCrypt it
> > again using 9z as salt:
> >
> > C:\myProjects\jcrypt>java JCrypt 9z QP3LMZ/MJh.
> > [9z] [QP3LMZ/MJh.] => [9zn2zpJI3qBh2]
> >
> > Now strip the salt off the result (again the 9z at the beginning) and you
> > get: n2zpJI3qBh2
> >
> > That should be in your password database, at least it was in my isc4.gdb
> > database under Firebird 1.0.
> >
> > Is that what you were doing or did it change for Firebird 1.5 and the
> > security.fdb database?
> >
> >
> > Rick
> >
> > ----- Original Message -----
> >
> > > Hi Rick,
> > >
> > > Getting closer...
> > >
> > > Does it matter that when I use JCrypt to encrypt 'masterkey' it
> > > doesn't look the same as the password in security.fdb?
> > >
> > > Nick
> > >
> > > --- In Firebird-Java@yahoogroups.com, "Rick Fincher" <rnf@t...> wrote:
> > > > Hi Nick,
> > > >
> > > > Below is a code example from Phil, who implemented JCrypt to encode
> > > > passwords. I'll put this in the FAQ.
> > > >
> > > > Rick
> > > >
> > > > > You need to implement the crypt function to generate
> > > > > the password.
> > > > >
> > > > > I have given an example below of the calls to the
> > > > > crypt function.
> > > > >
> > > > > Using gsec, a user can see the processes running
> > > > > and get the new and
> > > > > old password!
> > > > >
> > > > > To create a user, generate the password, then
> > > > > create an entry in the
> > > > > security database for the user.
> > > > >
> > > > > The Firebird and Interbase security database is
> > > > > named isc4.gdb, V7
> > > > > uses admin.ib.
> > > > >
> > > > > // Create the user and set the password
> > > > >
> > > > > // Get the encrypted password.
> > > > > String s1 = JCrypt.crypt("9z", sLoginPassword);
> > > > > // Remove the salt
> > > > > s1 = s1.substring(2, s1.length());
> > > > > String s2 = JCrypt.crypt("9z", s1);
> > > > > // Remove the salt
> > > > > s2 = s2.substring(2, s2.length());
> > > > > sLoginPassword = s2;
> > > > >
> > > > > I have put the impl of JCrypt into the files
> > > > > section,
> > > > >
> > > > > Good Luck,
> > > > >
> > > > > From,
> > > > >
> > > > > Phill
> > > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Nick Sydenham" <nsydenham@y...>
> > > > To: <Firebird-Java@yahoogroups.com>
> > > > Sent: Friday, February 20, 2004 6:19 AM
> > > > Subject: [Firebird-Java] Re: Create users or roles
> > > >
> > > >
> > > > > Rick,
> > > > >
> > > > > That helps a lot, unfortunately I don't have much of an idea how to
> > > > > use the JCrypt class. What salt does Firebird use if at all?
> > > > >
> > > > > Nick
> > > > >
> > > > > --- In Firebird-Java@yahoogroups.com, "Rick Fincher" <rnf@t...> wrote:
> > > > > > Hi Nick,
> > > > > >
> > > > > > Yes, you just have to work with the user database, typically isc4.gdb. The
> > > > > > hardest part is the encoding of the passwords.
> > > > > >
> > > > > > A package is in the download area of this group on yahoogroups.com that
> > > > > > handles encoding/decoding the passwords for you.
> > > > > >
> > > > > > Roles are stored in the system database RDB$ROLES.
> > > > > >
> > > > > > Hope this helps,
> > > > > >
> > > > > > Rick
> > > > > >
> > > > > > ----- Original Message -----
> > > > > >
> > > > > > > Is it possible using Java to create and manipulate users and roles
> > > > > > > within Firebird?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Yahoo! Groups Links
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> > >
> > > Yahoo! Groups Links
> > >
> > >
> > >
> > >
> > >
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
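
Added example, not part of the original thread or of JCrypt: a sketch of why the once-encrypted value Rick describes is as good as the password when it crosses the network in the clear, next to a per-login nonce check where a captured value is useless on the next login. Assumptions: SHA-256 stands in for crypt() with the salt stripped, and the LegacyServer and NonceServer classes and their methods are hypothetical, not Firebird's wire protocol.

```python
import hashlib, hmac, secrets

SALT = b"9z"  # fixed salt, as used in the thread

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stand-in for crypt(salt, data) with the salt stripped.
    return hashlib.sha256(SALT + data).hexdigest().encode()

class LegacyServer:
    """Stores h(h(password)); accepts h(password) as received from the wire."""
    def __init__(self, password: bytes):
        self.stored = h(h(password))
    def login(self, wire_value: bytes) -> bool:
        return hmac.compare_digest(h(wire_value), self.stored)

class NonceServer:
    """Hypothetical alternative: the client proves knowledge of h(password)
    against a fresh nonce. Trade-off: the stored key is password-equivalent."""
    def __init__(self, password: bytes):
        self.key = h(password)
        self.nonce = None
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def login(self, response: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = hmac.new(self.key, self.nonce, hashlib.sha256).digest()
        self.nonce = None  # each nonce is single use
        return hmac.compare_digest(response, expected)

def client_response(password: bytes, nonce: bytes) -> bytes:
    return hmac.new(h(password), nonce, hashlib.sha256).digest()

def demo() -> dict:
    pw = b"masterkey"  # constructed sample input
    legacy = LegacyServer(pw)
    captured = h(pw)  # the value visible on an unencrypted link
    results = {
        "legacy_replay": legacy.login(captured),               # accepted again
        "stored_value_as_login": legacy.login(legacy.stored),  # DB value alone fails
    }
    server = NonceServer(pw)
    first = client_response(pw, server.challenge())
    results["nonce_first"] = server.login(first)
    server.challenge()                             # a later login gets a new nonce
    results["nonce_replay"] = server.login(first)  # old response no longer matches
    return results

if __name__ == "__main__":
    print(demo())
```

The second hashing step only protects the stored value: the database entry cannot be sent as a login, but anything captured on the wire can, which is why the connection itself needs protecting.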