| Subject | Re: AW: [ib-support] User Management |
|---|---|
| Author | Doug Chamberlin |
| Post date | 2002-02-06T00:45:09Z |
At 02/05/2002 04:00 PM (Tuesday), Christian Gütter wrote:
didn't include anything which helps a user change his password.
The algorithm for hashing an IB/FB password is published, although I cannot
find a current URL for the sample code I once saw. Using this code you can
have your application obtain a user's raw password and hash it and compare
it with the field value in ISC4.GDB to validate it. You can also update the
ISC4.GDB field with the hashed value of the user's new password. Any app
can do this, given enough rights to the ISC4.GDB record.
>As far as I understand Ivan's solution, it won't affect any existingThe way I read it, Ivan's changes allow a user to only SEE his password. He
>software.
>
>The way he uses an before update trigger also ensures that a user is
>only able to modify his own password.
didn't include anything which helps a user change his password.
The algorithm for hashing an IB/FB password is published, although I cannot
find a current URL for the sample code I once saw. Using this code you can
have your application obtain a user's raw password and hash it and compare
it with the field value in ISC4.GDB to validate it. You can also update the
ISC4.GDB field with the hashed value of the user's new password. Any app
can do this, given enough rights to the ISC4.GDB record.