| Subject | AW: [firebird-support] Safe method for users to change its own password |
|---|---|
| Author | Christian Waldmann |
| Post date | 2010-04-28T15:17:41Z |
Hello Ramiro
I have a table with user data and password. I use the fb_mhash UDF to
get a hash of the user passwod and I only store this hash in my table.
When the user enters the password later, I compared the hash of this
password the sorted hash.
The link to fb_mhash can be found at ipphoenix under contributed or with
google at nixbit
Successful programming
Christian
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von Michael Ludwig
Gesendet: Dienstag, 27. April 2010 21:01
An: firebird-support@yahoogroups.com
Betreff: Re: [firebird-support] Safe method for users to change its own
password
Ramiro Barreca schrieb am 26.04.2010 um 10:09:06 (-0300):
Firebird account for your application and have a server grant or deny
access to the database upon successful or unsuccessful authorization
against a user database of your own implementation (stored in Firebird),
which is the standard thing to do with web applications. But if your
application is just two-tier Delphi to Firebird, then this isn't an
option.
--
Michael Ludwig
[Non-text portions of this message have been removed]
I have a table with user data and password. I use the fb_mhash UDF to
get a hash of the user passwod and I only store this hash in my table.
When the user enters the password later, I compared the hash of this
password the sorted hash.
The link to fb_mhash can be found at ipphoenix under contributed or with
google at nixbit
Successful programming
Christian
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von Michael Ludwig
Gesendet: Dienstag, 27. April 2010 21:01
An: firebird-support@yahoogroups.com
Betreff: Re: [firebird-support] Safe method for users to change its own
password
Ramiro Barreca schrieb am 26.04.2010 um 10:09:06 (-0300):
> Is there any SAFE method to allow users to change their own passwordDepending on the kind of application you have, you could have just one
> from an app (i.e. a Delphi one)?
> We need to encrypt in some way users passwords, but this means allow
> the app to use "gsec" with the SYSDBA user/pass from within the app.
> Isn't it? Is there another way that would allow the own user change
> its own password with its own credentials from the app?
Firebird account for your application and have a server grant or deny
access to the database upon successful or unsuccessful authorization
against a user database of your own implementation (stored in Firebird),
which is the standard thing to do with web applications. But if your
application is just two-tier Delphi to Firebird, then this isn't an
option.
--
Michael Ludwig
[Non-text portions of this message have been removed]