View Issue Details

IDProjectCategoryView StatusLast Update
0002323JEDI VCL04 Feature Requestpublic2006-06-28 02:14
ReportertanbronsonAssigned Toobones 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version3.00 BETA 2 
Target VersionFixed in Version3.30 
Summary0002323: Need a way to use TJvDBSecurity, and scramble the users password
DescriptionWe have an application that 'encrypts' the users database password, so I added an event to TJvDBSecurity & friends to that is ultimately called by TJvDBLoginDialog.FillParams so we can 'encrypt' the password that the user has entered.

I'm not sure this is the most elegant way to accomplish this, but it's working for me.
TagsNo tags attached.

Activities

2004-11-17 19:53

 

Patch.zip (10,473 bytes)

obones

2006-03-30 02:43

administrator   ~0008733

Why not use the OnCheckUser event?

tanbronson

2006-03-30 05:58

reporter   ~0008751

I explored OnCheckUser, but the passed 'password' is not var, so we cannot change the actual password. I didn't explore making the password var, so I don't know if that's any uglier than what I did.

obones

2006-03-30 06:47

administrator   ~0008754

But isn't CheckUser where the actual check the password is correct done?
Maybe I'm missing the point of what you want to do here. If so, please provide detailed steps, I don't know this component that well.

tanbronson

2006-03-30 09:44

reporter   ~0008773

The idea was that someone may have a "valid" password,
but that password in the database is not directly usable.
So the real database password is a hash of the "valid" password.

My new event handler takes the user's password after they have entered it,
transforms in via hashing, and replaces it, allowing the regular login process to continue.

obones

2006-04-03 13:13

administrator   ~0008849

Ok, then I don't quite get how all this works.
Could you post a sample application showing a "dummy's guide" what it does today, and what you'd like to do?
That would help me a lot.

tanbronson

2006-04-03 13:29

reporter   ~0008850

Last edited: 2006-06-27 08:52

I don't have the time to create a fake application, so this fragment will help:

  JVDBSecurity := TJvDBSecurity.Create(Self);

  try
    with JvDBSecurity do
    begin
      Active := False;
      AppStorage := JvAppRegistryStorage;
      AppStoragePath := 'Database';
      Database := dbAdvantix;
      Name := 'JvDBSecurity';
      SelectAlias := True;
    end;

    jvDBSecurity.OnPasswordEncrypt := ScramblePassword;
    if not jvDBSecurity.Login then
      Application.Terminate;
  finally
    JvDBSecurity.Free;
  end;

procedure TdmMain.ScramblePassword(Sender: Tobject; const UserName: String; var Password: String;
  const Alias: string);
begin
   // Their password is not what they think it is
   // so they cannot directly login into the database
   // (unless they read this :-)
   Password := Format('x%sxx%syy', [UserName,Password]);

end;

tanbronson

2006-04-03 13:31

reporter   ~0008851

The key in the attached event handlers is the ability to change the database password used by our application (determistically) so that the user really does have a login into our database, just not with the password that they think :-)

obones

2006-06-27 08:30

administrator   ~0009695

Please provide a complete example, your code does not compile (where is CheckUserDenial for instance?)

tanbronson

2006-06-27 08:53

reporter   ~0009699

I've updated my previous example to get it closer to working.

Hopefully this is enough to show what I'm trying to do...

Thanks.

obones

2006-06-28 02:14

administrator   ~0009703

OnGetPassword has now been added to SVN. This name was chosen as it is more generic.

Issue History

Date Modified Username Field Change
2004-11-17 19:53 tanbronson New Issue
2004-11-17 19:53 tanbronson File Added: Patch.zip
2006-03-30 02:43 obones Note Added: 0008733
2006-03-30 02:43 obones Status new => feedback
2006-03-30 05:58 tanbronson Note Added: 0008751
2006-03-30 06:47 obones Note Added: 0008754
2006-03-30 09:44 tanbronson Note Added: 0008773
2006-04-03 13:13 obones Note Added: 0008849
2006-04-03 13:29 tanbronson Note Added: 0008850
2006-04-03 13:31 tanbronson Note Added: 0008851
2006-06-27 03:42 obones Status feedback => assigned
2006-06-27 03:42 obones Assigned To => obones
2006-06-27 08:30 obones Note Added: 0009695
2006-06-27 08:52 tanbronson Note Edited: 0008850
2006-06-27 08:53 tanbronson Note Added: 0009699
2006-06-28 02:14 obones Status assigned => resolved
2006-06-28 02:14 obones Fixed in Version => Daily / SVN
2006-06-28 02:14 obones Resolution open => fixed
2006-06-28 02:14 obones Note Added: 0009703