View Issue Details

IDProjectCategoryView StatusLast Update
0002323JEDI VCL04 Feature Requestpublic2006-06-28 02:14
ReportertanbronsonAssigned Toobones 
Status resolvedResolutionfixed 
Product Version3.00 BETA 2 
Target VersionFixed in Version3.30 
Summary0002323: Need a way to use TJvDBSecurity, and scramble the users password
DescriptionWe have an application that 'encrypts' the users database password, so I added an event to TJvDBSecurity & friends to that is ultimately called by TJvDBLoginDialog.FillParams so we can 'encrypt' the password that the user has entered.

I'm not sure this is the most elegant way to accomplish this, but it's working for me.
TagsNo tags attached.


2004-11-17 19:53 (10,473 bytes)


2006-03-30 02:43

administrator   ~0008733

Why not use the OnCheckUser event?


2006-03-30 05:58

reporter   ~0008751

I explored OnCheckUser, but the passed 'password' is not var, so we cannot change the actual password. I didn't explore making the password var, so I don't know if that's any uglier than what I did.


2006-03-30 06:47

administrator   ~0008754

But isn't CheckUser where the actual check the password is correct done?
Maybe I'm missing the point of what you want to do here. If so, please provide detailed steps, I don't know this component that well.


2006-03-30 09:44

reporter   ~0008773

The idea was that someone may have a "valid" password,
but that password in the database is not directly usable.
So the real database password is a hash of the "valid" password.

My new event handler takes the user's password after they have entered it,
transforms in via hashing, and replaces it, allowing the regular login process to continue.


2006-04-03 13:13

administrator   ~0008849

Ok, then I don't quite get how all this works.
Could you post a sample application showing a "dummy's guide" what it does today, and what you'd like to do?
That would help me a lot.


2006-04-03 13:29

reporter   ~0008850

Last edited: 2006-06-27 08:52

I don't have the time to create a fake application, so this fragment will help:

  JVDBSecurity := TJvDBSecurity.Create(Self);

    with JvDBSecurity do
      Active := False;
      AppStorage := JvAppRegistryStorage;
      AppStoragePath := 'Database';
      Database := dbAdvantix;
      Name := 'JvDBSecurity';
      SelectAlias := True;

    jvDBSecurity.OnPasswordEncrypt := ScramblePassword;
    if not jvDBSecurity.Login then

procedure TdmMain.ScramblePassword(Sender: Tobject; const UserName: String; var Password: String;
  const Alias: string);
   // Their password is not what they think it is
   // so they cannot directly login into the database
   // (unless they read this :-)
   Password := Format('x%sxx%syy', [UserName,Password]);



2006-04-03 13:31

reporter   ~0008851

The key in the attached event handlers is the ability to change the database password used by our application (determistically) so that the user really does have a login into our database, just not with the password that they think :-)


2006-06-27 08:30

administrator   ~0009695

Please provide a complete example, your code does not compile (where is CheckUserDenial for instance?)


2006-06-27 08:53

reporter   ~0009699

I've updated my previous example to get it closer to working.

Hopefully this is enough to show what I'm trying to do...



2006-06-28 02:14

administrator   ~0009703

OnGetPassword has now been added to SVN. This name was chosen as it is more generic.

Issue History

Date Modified Username Field Change
2004-11-17 19:53 tanbronson New Issue
2004-11-17 19:53 tanbronson File Added:
2006-03-30 02:43 obones Note Added: 0008733
2006-03-30 02:43 obones Status new => feedback
2006-03-30 05:58 tanbronson Note Added: 0008751
2006-03-30 06:47 obones Note Added: 0008754
2006-03-30 09:44 tanbronson Note Added: 0008773
2006-04-03 13:13 obones Note Added: 0008849
2006-04-03 13:29 tanbronson Note Added: 0008850
2006-04-03 13:31 tanbronson Note Added: 0008851
2006-06-27 03:42 obones Status feedback => assigned
2006-06-27 03:42 obones Assigned To => obones
2006-06-27 08:30 obones Note Added: 0009695
2006-06-27 08:52 tanbronson Note Edited: 0008850
2006-06-27 08:53 tanbronson Note Added: 0009699
2006-06-28 02:14 obones Status assigned => resolved
2006-06-28 02:14 obones Fixed in Version => Daily / SVN
2006-06-28 02:14 obones Resolution open => fixed
2006-06-28 02:14 obones Note Added: 0009703