Subject Re: [IBO] [OT] Login User and change password on application
Author Geoff Worboys
> What we want is, if user login in some client , so this user
> cann't log in in another client ( 1 connection for 1 time).
> How can't i determine if this user is still login ?

There is no direct support for this under Interbase, you have to fudge
it for yourself by...

When the user logs in you run a procedure that creates a "session"
record in a table - keyed by the user logon and the workstation name
(and if running on Linux or MS Terminal Server you will also need a
session identifier).

When the user logs out you run another procedure to remove the session
record.

You must also allow for failed sessions - the server dies, the client
dies or whatever. In the last day or so someone actually posted a
description of setting up a timer mechanism which continuously updates
the session record - so that you can detect a failed session because
it has not been updated recently.


> The second case, i will give user to change his/her password
> from my app. I still confuse what a encrypt method for password
> in isc4.gdb files. ( I hear from another list that we can change
> this security file with another)

Presuming you are using IB5 or IB6 there is API support for this. See
IB_Connection.AlterUser in the online help.

Note that Interbase does not know or care what client application is
accessing the server. To prevent users from accessing the database
from some other application I setup my application so that it hashes
the password input by the user into a different value. So the user
does not know what password is actually used to access the database
(and so cannot logon from a different application). This is far from
perfect, and would not hold back an expert hacker for very long - but
not many of my users fall into this category.


> Maybe this is a dump question, but this is the first step
> for me to make my first app.

I would not make it your first step. Just ensure that your logon and
logoff process is isolated so you can add these steps later. Then get
on with the real work and come back to this when you are more familiar
with IBO and Interbase.

Take a look at the articles on this site which are very useful in
relation to security management:
http://www.volny.cz/iprenosil/interbase/



HTH

Geoff Worboys
Telesis Computing