Chris,

AMEN TO THAT!

The first major error is using "the standard sysdba username and
password"!!!!!!  To compound it by embedding it (apparently in clear
text) in the code is to throw open the door to your home and put a big
neon sign on your roof saying, "Doors open, come on in . . . I'm not
home anyway!"  Finally, adding the ability of the user to _change_ that
password is, perhaps, akin to taping your ATM card to the front door of
the above house with a note that says, "I haven't set my password yet,
why don't _you_ do it?"





Creating an encryption system _might_ be acceptable if it is not
"(very simple encryption)"; however, I think I might be able to offer a
variation on that theme.  Create a Guest User, of sorts, that can access
your database but is limited to executing one and only one stored
procedure.  That stored procedure should accept a User Name and Password
that it then validates against the database users.  If the parameters
validate, then the SP should return an _encrypted_ string that consists
of the Username and Password to be used in the connection string
(something in the form of "User=whatever; Password=something;") so that
you can use Format to insert it into the connection string.  This lets
you move the User Name/Password validation into the database and allows
you to easily control not only who gets in but what rights they have.




 
Ralph D. Wilson II
Database Developer
 
9038 Woodland Trace
Boerne, TX 78006
 
email: [EMAIL PROTECTED]
Alt email: [EMAIL PROTECTED]
Home: (830) 981-8884
Cell: (210) 387-7744
Fax: (830) 981-5726
 
Any sufficiently advanced technology is indistinguishable from magic.
A.C. Clarke
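
The guest-user arrangement described in the message above, written out in Firebird SQL as an added example (not code from the thread or its authors). The names GUEST_LOGIN, APP_LOGINS and CHECK_LOGIN are hypothetical; it assumes the DBA has already created GUEST_LOGIN and that the application computes the password verifier and encrypts the connection fragment before storing them, since the message specifies neither.

```sql
-- Added example; all object names are hypothetical.
-- Run in isql as the database owner. GUEST_LOGIN is assumed to exist already.

-- One row per application user. PASS_VERIFIER and CONN_FRAGMENT_ENC are
-- computed by the application before they are stored (assumption).
CREATE TABLE APP_LOGINS (
  LOGIN_NAME         VARCHAR(31)  NOT NULL PRIMARY KEY,
  PASS_VERIFIER      CHAR(64)     NOT NULL,
  CONN_FRAGMENT_ENC  VARCHAR(255) NOT NULL
);

SET TERM ^ ;

CREATE PROCEDURE CHECK_LOGIN (
  P_LOGIN     VARCHAR(31),
  P_VERIFIER  CHAR(64))
RETURNS (
  ENC_FRAGMENT VARCHAR(255))
AS
BEGIN
  -- No matching row leaves ENC_FRAGMENT NULL; the caller treats NULL as "denied".
  SELECT L.CONN_FRAGMENT_ENC
    FROM APP_LOGINS L
   WHERE L.LOGIN_NAME = :P_LOGIN
     AND L.PASS_VERIFIER = :P_VERIFIER
    INTO :ENC_FRAGMENT;
  SUSPEND;
END^

SET TERM ; ^

-- The procedure, not the guest account, holds the table privilege.
GRANT SELECT ON APP_LOGINS TO PROCEDURE CHECK_LOGIN;

-- The guest account's only right in the database.
GRANT EXECUTE ON PROCEDURE CHECK_LOGIN TO GUEST_LOGIN;

-- Called by the application while connected as GUEST_LOGIN:
--   SELECT ENC_FRAGMENT FROM CHECK_LOGIN(:login, :verifier);
```

As long as nothing on APP_LOGINS is granted to GUEST_LOGIN or PUBLIC, a direct SELECT on the table from the guest connection is refused and only the procedure call succeeds.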

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, August 21, 2008 12:14 AM
To: delphi-db@elists.org
Subject: RE: Creating a user from within Delphi

Not answering your question directly. But here's a clue :
ShellExec + (gsec -user sysdba -password <password> -database
<databasename>)

IMHO The dba admin should be controlling passwords, not end users.
Tails should not wag dogs.

HTH - Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Stevio
Sent: 20 August 2008 17:44
To: Delphi DB
Subject: Re: Creating a user from within Delphi

>> I have developed an application (Delphi 5 Pro) that connects to a
>> Firebird database using the standard sysdba username and password and at
>> present this is hardcoded in my application. I want to change this and
>> have a specific user set up for my application and database.
>
> On one of these lists I posted a utility that encrypts these values
> (very simple encryption) and can store the encrypted username, password
> and db name in registry or an ini file. When my programs start they look
> for these details for this user and if available attempt to open the db
> with those credentials else they bring up the prompt form.

I am as well hardcoding the username am I not, since only this username
will have full rights over the database? The username is not something
that they will be able to change.

It would be nice to allow my user to change the password however and so
this could be encoded and stored in the registry/ini file. The database
location is not hardcoded, this is already stored in an ini file.

How can you, from within Delphi, change a Firebird user's password?

Thanks,
Stephen 

_______________________________________________
Delphi-DB mailing list
Delphi-DB@elists.org
http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-db
