
How to validate a login when using an Oracle database (pw-encryption?)

Status
Not open for further replies.

freiheit

Programmer
Oct 4, 2000
8
DE
Hi,

I'd like to do password validation with ColdFusion. Username and password are stored in the view DBA_USERS of an Oracle database. But the password in this view is encrypted, and the user gives me the not encrypted password.

What do I have to do?

Thanks for help.
Marcus.

 
Now I am able to answer my own question.

There is no need to compare the username and password in the view DBA_USERS of an Oracle database with what the user gives.

You simply use the cfquery tag and put username and password into it.

Code:
<cfquery datasource="DS" name="NAME" username="USERNAME" password="NOT_ENCRYPTED">
any SQL-statement
</cfquery>

What happens is that ColdFusion connects to the Oracle database by passing through the USERNAME and the not encrypted password. Oracle encrypts the password and then validates the login by looking into the view DBA_USERS. If a combination of USERNAME and encrypted password exists, then the SQL statement will be automatically executed. Otherwise it returns an exception.

That means any executed SQL statement means a good login. An exception means the login was not good.
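
An added example, not part of the original posts, of the connect-as-the-user check described above, separating a rejected logon from other database failures. It assumes a datasource named "DS", form fields form.username and form.password, and a driver that surfaces the Oracle error number in cfcatch.NativeErrorCode; the result names are made up for illustration.

```cfml
<!--- Added example: "DS", form.username, form.password and the loginResult
      values are assumptions, not names from the thread. --->
<cfset loginResult = "error">
<cftry>
    <!--- Harmless probe: Oracle authenticates the session before it runs --->
    <cfquery datasource="DS" name="probe"
             username="#form.username#" password="#form.password#">
        SELECT 1 AS ok FROM dual
    </cfquery>
    <cfset loginResult = "ok">

    <cfcatch type="Database">
        <cfif cfcatch.NativeErrorCode EQ 1017>
            <!--- ORA-01017: invalid username/password; logon denied --->
            <cfset loginResult = "bad_credentials">
        <cfelseif cfcatch.NativeErrorCode EQ 28000>
            <!--- ORA-28000: the account is locked --->
            <cfset loginResult = "locked">
        <cfelse>
            <!--- Listener down, datasource misconfigured, and so on:
                  this says nothing about the password, so log it and
                  report an error rather than a failed login. --->
            <cfset loginResult = "error">
            <cflog file="login" type="error"
                   text="Login probe failed, native code #cfcatch.NativeErrorCode#">
        </cfif>
    </cfcatch>
</cftry>

<cfif loginResult EQ "ok">
    <!--- Continue to the protected page --->
<cfelseif loginResult EQ "error">
    <cfoutput>The login service is unavailable. Please try again later.</cfoutput>
<cfelse>
    <!--- Same message for bad credentials and locked accounts, so the
          response does not reveal which usernames exist --->
    <cfoutput>Login failed.</cfoutput>
</cfif>
```

The password is never written to the log, and every account that can log in this way needs at least the CREATE SESSION privilege in Oracle.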
 
Typically you store an encryption key in your application.cfm, and use that to encrypt the passwords. When updating the database, do this:

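<cfquery datasource="#dsn#">
<!--- Encrypt() is a ColdFusion function, so it is evaluated inside the pound signs --->
Update Table_Name
Set Password = <cfqueryparam value="#Encrypt(form.password, name_of_key)#" cfsqltype="CF_SQL_VARCHAR">
<!--- add a WHERE clause here so that only the current user's row is updated --->
</cfquery>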

And then when the user tries to log in, encrypt the form password to compare to the database.
 
Hi celley,

Your post was helpful; I will remember it for other projects.

Another problem is that I do not know the encryption code Oracle uses when creating a new database user or changing the password. And I'm sure that Oracle encrypts the password and then stores it in DBA_USERS. Maybe I should change the forum with that problem ;-)

Perhaps you have another tip?
Thanks.
Marcus
 