This adds the ability to encrypt passwords using a database's built-in encryption 
functions.
@sqlfunction could be added to any of the authenticating elements of the
configuration. I can't think of another application, but I didn't want to
hardcode "password('')" into the action.

Tim
Index: DatabaseAuthenticatorAction.java
===================================================================
RCS file: 
/home/cvspublic/xml-cocoon2/src/org/apache/cocoon/acting/DatabaseAuthenticatorAction.java,v
retrieving revision 1.3.2.13
diff -u -r1.3.2.13 DatabaseAuthenticatorAction.java
--- DatabaseAuthenticatorAction.java    2001/12/02 19:26:56     1.3.2.13
+++ DatabaseAuthenticatorAction.java    2001/12/03 01:37:23
@@ -53,6 +53,14 @@
  * "false". No values are then propagated to the sesion and session object is
  * not verified.
  *
+ * If your RDBMS can do one way encrypted passwords (note this only encrypts the
+ * password in the database itself and often trivially at that) pass the name
+ * of the function as "sqlfunction".
+ * <pre>
+ *                 &lt;select dbcol="password" request-param="password"
+ *                 nullable="yes" sqlfunction="encrypt" /&gt;
+ * </pre>
+ * 
  * @author Martin Man &lt;[EMAIL PROTECTED]&gt;
  * @version CVS $Revision: 1.3.2.13 $ $Date: 2001/12/02 19:26:56 $
  */
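Review bot: The new Javadoc paragraph should also state what the option does not protect. The last hunk still places the request value in the query text in clear, so the password reaches the database unhashed and may appear in statement logs. I would add a sentence such as `The function is applied by the database, so the cleartext password is still sent inside the query.` and a second one saying that the `sqlfunction` value is copied verbatim into the SQL and must come only from trusted configuration. "Encrypted" is also loose wording for a one-way function; "hashed" would be more accurate.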
@@ -164,7 +173,7 @@
         boolean first_constraint = true;
         StringBuffer queryBuffer = new StringBuffer ("SELECT ");
         StringBuffer queryBufferEnd = new StringBuffer ("");
-        String dbcol, request_param, request_value, nullstr;
+        String dbcol, request_param, request_value, sqlfunction, nullstr;
         boolean nullable = false;
         Configuration table = conf.getChild ("table");
         Configuration[] select = table.getChildren ("select");
@@ -175,6 +184,11 @@
                 dbcol = select[i].getAttribute ("dbcol");
                 queryBuffer.append (dbcol);
                 try {
+                    sqlfunction = select[i].getAttribute ("sqlfunction");
+                } catch (Exception e) {
+                    sqlfunction = null;
+                }
+                try {
                     request_param = select[i].getAttribute ("request-param");
                     if (request_param == null ||
                             request_param.trim().equals ("")) {
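Review bot: Catching `Exception` around `getAttribute ("sqlfunction")` to detect a missing optional attribute turns any other failure into a silent null. If the Avalon `Configuration` in use offers the defaulting overload, `sqlfunction = select[i].getAttribute ("sqlfunction", null);` expresses the same intent in one line; otherwise catch only the configuration exception type. Because the value is later spliced into the SQL as an identifier, this is also the place to reject anything that is not a plain function name (empty, or containing characters other than letters, digits and underscore). The enclosing loop and method start outside this hunk.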
@@ -206,7 +220,10 @@
                 } else {
                     if (!first_constraint)
                         queryBufferEnd.append (" AND ");
-                    queryBufferEnd.append 
(dbcol).append("='").append(request_value).append("'");
+                    if (sqlfunction ==null) 
+                        queryBufferEnd.append (dbcol + "='" + request_value + "'");
+                    else
+                        queryBufferEnd.append(dbcol + "=" + sqlfunction + "('" + 
+request_value + "')");
                     first_constraint = false;
                 }
             }
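Review bot: Both branches build the constraint by pasting `request_value` between single quotes, so a request parameter containing a quote alters the query that decides whether authentication succeeds. The new `sqlfunction` branch carries the removed line's SQL injection forward rather than fixing it. The constraint should use a bind parameter: `queryBufferEnd.append (dbcol).append ("=?");` without a function and `queryBufferEnd.append (dbcol).append ("=").append (sqlfunction).append ("(?)");` with one, the values then being set on a `PreparedStatement` where the query is run. That execution code lies outside this hunk, so the fix cannot be completed from these lines alone. As a minor point of style, `sqlfunction ==null` is missing a space and the `+` concatenation abandons the chained `append` calls of the line it replaces.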
