Subject AW: [firebird-support] Safe method for users to change its own password
Author Christian Waldmann
Hello Ramiro

I have a table with user data and password. I use the fb_mhash UDF to
get a hash of the user passwod and I only store this hash in my table.
When the user enters the password later, I compared the hash of this
password the sorted hash.

The link to fb_mhash can be found at ipphoenix under contributed or with
google at nixbit

Successful programming


[] Im Auftrag von Michael Ludwig
Gesendet: Dienstag, 27. April 2010 21:01
Betreff: Re: [firebird-support] Safe method for users to change its own

Ramiro Barreca schrieb am 26.04.2010 um 10:09:06 (-0300):

> Is there any SAFE method to allow users to change their own password
> from an app (i.e. a Delphi one)?
> We need to encrypt in some way users passwords, but this means allow
> the app to use "gsec" with the SYSDBA user/pass from within the app.
> Isn't it? Is there another way that would allow the own user change
> its own password with its own credentials from the app?

Depending on the kind of application you have, you could have just one
Firebird account for your application and have a server grant or deny
access to the database upon successful or unsuccessful authorization
against a user database of your own implementation (stored in Firebird),
which is the standard thing to do with web applications. But if your
application is just two-tier Delphi to Firebird, then this isn't an

Michael Ludwig

[Non-text portions of this message have been removed]