Chris,
AMEN TO THAT! The first major error is using "the standard sysdba username and password"!!!!!! To compound it by embedding it (apparently in clear text) in the code is to throw open the door to your home and put a big neon sign on your roof saying, "Doors open, come on in . . . I'm not home anyway!" Finally, adding the ability of the user to _change_ that password is, perhaps, akin to taping your ATM card to the front door of the above house with a note that says, "I haven't set my password yet, why don't _you_ do it?" Creating an encryption system is _might_ be acceptable if it is not "(very simple encryption)"; however, I think I might be able to offer a variation on that theme. Create a Guest User, of sorts, that can access your database but is limited to executing one and only one stored procedure. That stored procedure should accept a User Name and Password that it then validates against the database users. If the parameters validate, then the SP should return an _encrypted_ string that consists of the Username and Password to be used in the connection string (something in the form of "User=whatever; Password=something;") so that you can use Format to insert it into the connection string. This lets you move the User Name/Password validation into the database and allows you to easily control not only who gets in but what rights they have. Ralph D. Wilson II Database Developer 9038 Woodland Trace Boerne, TX 78006 email: [EMAIL PROTECTED] Alt email: [EMAIL PROTECTED] Home: (830) 981-8884 Cell: (210) 387-7744 Fax: (830) 981-5726 Any sufficiently advanced technology is indistinguishable from magic. A.C. Clark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 21, 2008 12:14 AM To: delphi-db@elists.org Subject: RE: Creating a user from within Delphi Not answering your question directly. But here's a clue : ShellExec + (gsec -user sysdba -password <password> -database <databasename>) IMHO The dba admin should be controlling passwords, not end users. Tails should not wag dogs. HTH - Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stevio Sent: 20 August 2008 17:44 To: Delphi DB Subject: Re: Creating a user from within Delphi >> I have developed an application (Delphi 5 Pro) that connects to a >> Firebird >> database using the standard sysdba username and password and at present >> this >> is hardcoded in my application. I want to change this and have a specific >> user set up for my application and database. > > On one of these lists I posted a utility that encrypts these values > (very simple encryption) and can store the encrypted username, password > and db name in registry or an ini file. When my programs start they look > for these details for this user and if available attempt to open the db > with those credentials else they bring up the prompt form. I am as well hardcoding the username am I not, since only this username will have full rights over the database? The username is not something that they will be able to change. It would be nice to allow my user to change the password however and so this could be encoded and stored in the registry/ini file. The database location is not hardcoded, this is already stored in an ini file. How can you, from within Delphi, change a Firebird user's password? Thanks, Stephen _______________________________________________ Delphi-DB mailing list Delphi-DB@elists.org http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-db _______________________________________________ Delphi-DB mailing list Delphi-DB@elists.org http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-db _______________________________________________ Delphi-DB mailing list Delphi-DB@elists.org http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-db
