Project JEDI - Issue Tracker
Mantis Bugtracker

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002323 [JEDI VCL] 04 Feature Request minor N/A 2004-11-17 19:53 2006-06-28 02:14
Reporter tanbronson View Status public  
Assigned To obones
Priority normal Resolution fixed  
Status resolved   Product Version 3.00 BETA 2
Summary 0002323: Need a way to use TJvDBSecurity, and scramble the users password
Description We have an application that 'encrypts' the users database password, so I added an event to TJvDBSecurity & friends to that is ultimately called by TJvDBLoginDialog.FillParams so we can 'encrypt' the password that the user has entered.

I'm not sure this is the most elegant way to accomplish this, but it's working for me.
Additional Information
Tags No tags attached.
Attached Files zip file icon Patch.zip [^] (10,473 bytes) 2004-11-17 19:53

- Relationships

-  Notes
(0008733)
obones (administrator)
2006-03-30 02:43

Why not use the OnCheckUser event?
(0008751)
tanbronson (reporter)
2006-03-30 05:58

I explored OnCheckUser, but the passed 'password' is not var, so we cannot change the actual password. I didn't explore making the password var, so I don't know if that's any uglier than what I did.
(0008754)
obones (administrator)
2006-03-30 06:47

But isn't CheckUser where the actual check the password is correct done?
Maybe I'm missing the point of what you want to do here. If so, please provide detailed steps, I don't know this component that well.
(0008773)
tanbronson (reporter)
2006-03-30 09:44

The idea was that someone may have a "valid" password,
but that password in the database is not directly usable.
So the real database password is a hash of the "valid" password.

My new event handler takes the user's password after they have entered it,
transforms in via hashing, and replaces it, allowing the regular login process to continue.
(0008849)
obones (administrator)
2006-04-03 13:13

Ok, then I don't quite get how all this works.
Could you post a sample application showing a "dummy's guide" what it does today, and what you'd like to do?
That would help me a lot.
(0008850)
tanbronson (reporter)
2006-04-03 13:29
edited on: 2006-06-27 08:52

I don't have the time to create a fake application, so this fragment will help:

  JVDBSecurity := TJvDBSecurity.Create(Self);

  try
    with JvDBSecurity do
    begin
      Active := False;
      AppStorage := JvAppRegistryStorage;
      AppStoragePath := 'Database';
      Database := dbAdvantix;
      Name := 'JvDBSecurity';
      SelectAlias := True;
    end;

    jvDBSecurity.OnPasswordEncrypt := ScramblePassword;
    if not jvDBSecurity.Login then
      Application.Terminate;
  finally
    JvDBSecurity.Free;
  end;

procedure TdmMain.ScramblePassword(Sender: Tobject; const UserName: String; var Password: String;
  const Alias: string);
begin
   // Their password is not what they think it is
   // so they cannot directly login into the database
   // (unless they read this :-)
   Password := Format('x%sxx%syy', [UserName,Password]);

end;

(0008851)
tanbronson (reporter)
2006-04-03 13:31

The key in the attached event handlers is the ability to change the database password used by our application (determistically) so that the user really does have a login into our database, just not with the password that they think :-)
(0009695)
obones (administrator)
2006-06-27 08:30

Please provide a complete example, your code does not compile (where is CheckUserDenial for instance?)
(0009699)
tanbronson (reporter)
2006-06-27 08:53

I've updated my previous example to get it closer to working.

Hopefully this is enough to show what I'm trying to do...

Thanks.
(0009703)
obones (administrator)
2006-06-28 02:14

OnGetPassword has now been added to SVN. This name was chosen as it is more generic.

- Issue History
Date Modified Username Field Change
2004-11-17 19:53 tanbronson New Issue
2004-11-17 19:53 tanbronson File Added: Patch.zip
2006-03-30 02:43 obones Note Added: 0008733
2006-03-30 02:43 obones Status new => feedback
2006-03-30 05:58 tanbronson Note Added: 0008751
2006-03-30 06:47 obones Note Added: 0008754
2006-03-30 09:44 tanbronson Note Added: 0008773
2006-04-03 13:13 obones Note Added: 0008849
2006-04-03 13:29 tanbronson Note Added: 0008850
2006-04-03 13:31 tanbronson Note Added: 0008851
2006-06-27 03:42 obones Status feedback => assigned
2006-06-27 03:42 obones Assigned To => obones
2006-06-27 08:30 obones Note Added: 0009695
2006-06-27 08:52 tanbronson Note Edited: 0008850
2006-06-27 08:53 tanbronson Note Added: 0009699
2006-06-28 02:14 obones Status assigned => resolved
2006-06-28 02:14 obones Fixed in Version => Daily / SVN
2006-06-28 02:14 obones Resolution open => fixed
2006-06-28 02:14 obones Note Added: 0009703


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker