Subject: Re: [IBO] Changing user password in IBO
Author: Helen Borrie
At 04:15 PM 8/10/2004 +0000, you wrote:


>Hi all, I would like to change a user's password programmatically. In
>IBX this was done using TIBSecurityService. Without IBX, I can see
>three ways to accomplish it:
>
>1) Use the API directly (can do it... but yuck).
>
>2) Use IBOAdmin. Problem with this is that it adds vcldb*.bpl to the
>project, which I want to avoid (this was part of the motivation for
>switching from IBX to IBO).
>
>3) Use the AlterUser routine, e.g. in TIB_SessionBase. The main
>problem with this seems to be that I cannot see a way to specify that
>I *only* want to change the user's password, not their first/last
>name. In other words, I cannot see a way to control the value of
>sec_flags in USER_SEC_DATA when I make a call to AlterUser.
>Therefore, to avoid setting the user's first/last name to blank when I
>change their password, it seems I need to first fetch their first/last
>name, but I also cannot find any hook into isc_spb_sec_username from
>IBO, so I'm back to option 1.

The method uses those flags to determine the operator's security
credentials - the application has to pass the operator's username and
password, since only SYSDBA has privileges to modify the USERS table in
security.fdb.

AlterUser(Action: TIB_AlterUserAction; AUserName, AUserPass, AGroupName,
AFirstName, AMiddleName, ALastName: string);

Include uaModifyUser as your TIB_AlterUserAction argument and use a valid
user name in AUserName. Pass empty strings in the other arguments unless
they are used.

If these other strings are used, then the SYSDBA ought to know them! But,
if you can't count on that, then you can emulate what TIBSecurityService
does. Put (or preferably, create in run-time) a tib_connection, a
tib_transaction and a tib_cursor explicitly for the purpose of reading them
from security.fdb into your AlterUser arguments. Write a function to do
this and keep everything private.

But don't be tempted to update the USERS table yourself, since there is
more to the storage of passwords than meets the eye, which is encapsulated
in AlterUser().

Helen