|Anonymous | Login | Signup for a new account||2019-05-20 13:43 CEST|
|Main | My View | View Issues | Change Log | Roadmap | Docs|
|Viewing Issue Simple Details|
|ID||Category||Severity||Reproducibility||Date Submitted||Last Update|
|0002323||[JEDI VCL] 04 Feature Request||minor||N/A||2004-11-17 19:53||2006-06-28 02:14|
|Status||resolved||Product Version||3.00 BETA 2|
|Summary||0002323: Need a way to use TJvDBSecurity, and scramble the users password|
We have an application that 'encrypts' the users database password, so I added an event to TJvDBSecurity & friends to that is ultimately called by TJvDBLoginDialog.FillParams so we can 'encrypt' the password that the user has entered.
I'm not sure this is the most elegant way to accomplish this, but it's working for me.
|Tags||No tags attached.|
|Attached Files||Patch.zip [^] (10,473 bytes) 2004-11-17 19:53|
|Why not use the OnCheckUser event?|
|I explored OnCheckUser, but the passed 'password' is not var, so we cannot change the actual password. I didn't explore making the password var, so I don't know if that's any uglier than what I did.|
But isn't CheckUser where the actual check the password is correct done?
Maybe I'm missing the point of what you want to do here. If so, please provide detailed steps, I don't know this component that well.
The idea was that someone may have a "valid" password,
but that password in the database is not directly usable.
So the real database password is a hash of the "valid" password.
My new event handler takes the user's password after they have entered it,
transforms in via hashing, and replaces it, allowing the regular login process to continue.
Ok, then I don't quite get how all this works.
Could you post a sample application showing a "dummy's guide" what it does today, and what you'd like to do?
That would help me a lot.
edited on: 2006-06-27 08:52
I don't have the time to create a fake application, so this fragment will help:
JVDBSecurity := TJvDBSecurity.Create(Self);
with JvDBSecurity do
Active := False;
AppStorage := JvAppRegistryStorage;
AppStoragePath := 'Database';
Database := dbAdvantix;
Name := 'JvDBSecurity';
SelectAlias := True;
jvDBSecurity.OnPasswordEncrypt := ScramblePassword;
if not jvDBSecurity.Login then
procedure TdmMain.ScramblePassword(Sender: Tobject; const UserName: String; var Password: String;
const Alias: string);
// Their password is not what they think it is
// so they cannot directly login into the database
// (unless they read this :-)
Password := Format('x%sxx%syy', [UserName,Password]);
|The key in the attached event handlers is the ability to change the database password used by our application (determistically) so that the user really does have a login into our database, just not with the password that they think :-)|
|Please provide a complete example, your code does not compile (where is CheckUserDenial for instance?)|
I've updated my previous example to get it closer to working.
Hopefully this is enough to show what I'm trying to do...
|OnGetPassword has now been added to SVN. This name was chosen as it is more generic.|
|2004-11-17 19:53||tanbronson||New Issue|
|2004-11-17 19:53||tanbronson||File Added: Patch.zip|
|2006-03-30 02:43||obones||Note Added: 0008733|
|2006-03-30 02:43||obones||Status||new => feedback|
|2006-03-30 05:58||tanbronson||Note Added: 0008751|
|2006-03-30 06:47||obones||Note Added: 0008754|
|2006-03-30 09:44||tanbronson||Note Added: 0008773|
|2006-04-03 13:13||obones||Note Added: 0008849|
|2006-04-03 13:29||tanbronson||Note Added: 0008850|
|2006-04-03 13:31||tanbronson||Note Added: 0008851|
|2006-06-27 03:42||obones||Status||feedback => assigned|
|2006-06-27 03:42||obones||Assigned To||=> obones|
|2006-06-27 08:30||obones||Note Added: 0009695|
|2006-06-27 08:52||tanbronson||Note Edited: 0008850|
|2006-06-27 08:53||tanbronson||Note Added: 0009699|
|2006-06-28 02:14||obones||Status||assigned => resolved|
|2006-06-28 02:14||obones||Fixed in Version||=> Daily / SVN|
|2006-06-28 02:14||obones||Resolution||open => fixed|
|2006-06-28 02:14||obones||Note Added: 0009703|
|Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group|