Hi I have managed to implement container managed authentication in weblogic 12c with an SQLAuthenticator. I am successfully loging in with the users I create in the database when the password setting is set to PLAINTEXT in the provider specific sqlauthenticator settings and the database value is not encrypted.
If I am storing the user's password inside the database using the following code though I cannot login:
String encPass = "{SHA-1}" + new sun.misc.BASE64Encoder()
.encode(java.security.MessageDigest.getInstance("SHA1")
.digest(newUser.getPassword().getBytes()));
By providing the password "weblogic1" this value is stored in the db: {SHA-1}r49g3WeQasgoe6ODQ+5fa4Ic5tk=
In my SQLAuthenticator provider specific settings I have "Plaintext Passwords Enabled" set to false, "Password Style Retained" set to true, Password Algorithm: set to SHA-1.
When I run
request.login(email, password);
It throws the Authentication Failed exception...
What am I doing wrong?
A little late, but I think I can answer this one for you.
From the sound of things, your code was in fact correct, however, as you discovered, your tables were not properly set up.
When configuring your RDBMS authentication, it is assumed that you have three tables in your DB, they are:
users (username, password, description)
groupmembers (group name, group member)
groups (group name, group description)
I expect you were mostly there, but lacking the description column for the "users" and "groups" tables was causing your problems.
You can check out this link from Oracle's online documentation for more info:
https://docs.oracle.com/cd/E21764_01/web.1111/e13707/atn.htm#SECMG195
OK, my code now runs correctly but I don't know why. The only thing I changed is that I added some description columns to my tables and fixed my queries in the provider description accordingly. This shouldn't actually affect the login, just the user creation from the weblogic console which didn't work. Maybe weblogic just needed a few restarts IDK.
Related
Hi I'm a newbie to the oracle apex and I'm trying to create a dynamic page that let the user (the logged one) see only "his" record I tried in the source query (P101_USERNAME is the username item on the login page)
select * from user u where u.username=v('P101_USERNAME')
And this
Select * from user u where u.username=:P101_USERNAME
But I got the no data found error I think I'm doing the things the wrong way.. So is there a way to create a page that let the user see only the record linked to his username(or primary key) and hide the other?
That username field is only relevant for the life of the login process.
Throughout the application you should refer to :APP_USER
See list of available substitution strings
https://docs.oracle.com/cd/E59726_01/doc.50/e39147/concept_sub.htm#BEIHCJBG
If you’re using APEX 5, you can now get the User from the APEX$SESSION application context. here
You also can use function APEX_APPLICATION.g_user here
I want to hardcode the credentials for connection to an Access database.
My connection string currently looks like
$strConn = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = $dbName;
And this works fine, but I am prompted to enter a "User Name" and "Password". I have researched Access connection strings, but I can only find one that includes password (not user)
$strConn = "Provider = Microsoft.Jet.OLEDB.4.0; Data Source=c:\App1\Your_Database_Name.mdb; Jet OLEDB:Database Password=Your_Password"
I have tried using this (as well as combinations of user/username/uid etc) but have not found anything that works.
Here is the window that is popping up (service name is automatically populated):
Looks similar to this: Oracle ODBC Driver Connect always asking for password
I believe it has something to do with the Access database being linked to an oracle database. Is this out of my hands?
You can get direct access to a linked table by using its connection string, and filling in the user and password. For Oracle, the connection string structure can vary upon the used provider. View ConnectionStrings.com for a list of options (most likely option is Provider=OraOLEDB.Oracle;Data Source=MyOracleDB;User Id=myUsername; Password=myPassword;).
You can obtain the current connection string for the linked table by querying MSysObjects inside Microsoft Access:
SELECT MSysObjects.Connect
FROM MSysObjects
WHERE MSysObjects.Name="MyLinkedTableName";
You can even change the connection string to include your username and password, if you wanted (see this answer).
However, take note that the one who originally linked the tables in Access, chose not to include a username and password. Including a username and password in an unsecured Access database might pose a security risk.
Also, take note that if you connect directly to the Oracle database, you must reference the table names as defined there, and use the proper SQL variant to query it.
According to the handy reference page ConnectionStrings.com, pass User Id=<username> and Password=<password> like so,
Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\mydatabase.mdb;User Id=admin;
Password=Pa$$w0rd;
I'm new to Redis, I am now learning it by trying to make a login function.
Suppose I have a table named User (id, username, password) in traditional SQL database, what's the proper way to design the Redis store for a table, so that I may achieve some sql-style-query like "select * from user where username=xxx and password=yyy"?
Is it a good way to set the key: username+password and the value: username "root" password "admin" using Hash?
Redis is not a replacement for SQL databases. They have different purposes.
In Redis you should design based on how you will access the data.
See this SO question.
Also this tutorial by Simon Willison is very interesting even though it has some years.
I suspect your query doesn't actually need to be select * from user where username=xxx and password=yyy, but instead just looking up by username and then verifying the password is correct.
Using Redis you can store the user information by the username (this is your primary/unique key) and then in your code verify the password is correct. As #tadman has stated in the comments - please don't store passwords as plain text, that's a huge security hole right there
I have only FTP and MySql access parameters. My client didn't tell me the password to access the dashboard. How could I recovery it?
(I haven't email access, so I can't use the normal recovery and I can't contact my client before next 2 day...)
Copy the password hash of one of your customer (or create a new one) from ps_customers table to the password field of employee in ps_employee table.
PS: pub#prestashop.com customer is created by default, if still exists use that password hash. (Password for this customer is 123456789).
Use any free online MD5 generator like http://www.md5hashgenerator.com
but ecode COOKIE_KEY from settings.inc.php and new Password (with no space).
'COOKIE_KEYNewPassword' example 'bWZbVe5OEq4nwbWZbVe5OEq4nwbVe5OEq4nwnJI2xj8g3nAW1GC1y5KTwMyPassword’
Now cope your new password (MyPassword) to the ps_employee table in your database instead of the old pass.
In your database go and look at the table named PS_employee
While there add a new line with appropriate info and for password use this generator
http://www.md5hashgenerator.com
BR's
(don't forget to accept when this answer helps you )
I am creating a login system for my own website so I can update it via a form. I have manually added myself to a table in the database I called users, although there will only ever be me, and I added my password plain text. However, I have since being reading about hashing passwords, but from what I can see this is only done from a php function, can I do it in phpMyAdmin using just the sql section?
If you edit the structure of your table, there should be a column called "Function".
There you can select MD5, and any value stored in that Field will become hashed. So if you already have a password stored in your table, it will become hashed aswell.
Like this: http://www.xodino.it/wp-content/uploads/file/ubuntuftp/pureftpd-02.png
Have a look here:
http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html
But if you want to do it with PHP take a look here. That's a good article about password hashing:
http://phpsec.org/articles/2005/password-hashing.html
You should salt your password and then hash it. Passwords that use MD5 or SHA1 are no longer secure - you should generate a unique salt for each password and use Bcrypt to create a strong hash.
This article gives a decent explanation:
http://www.bentasker.co.uk/blog/security...
But doing a Google search yourself will gives you lots of results on storing passwords in databases.
You can change the Type to BINARY and give it a length of 60. If your application will remain private, using the MD5, SHA1, or the PASSWORD function is okay. A description of the encryption and compression functions are available in the official MySQL docs here: http://dev.mysql.com/doc/refman/5.5/...
May I know what you want here? You want to use SQL to encrypt your passwords? So, before saving the password, you call something like this?
select * from user where username='me' and password=md5($mypass)
If that is what you want, it depends on your SQL engine. MySQL has a function called MD5 to help you do the job.
I think the easiest is to edit your table,there should be a column called "Function". There you can select MD5 from a drop down list and then click GO, and any value stored in that Field will become hashed. So if you already have a password stored in your table, However if you try to change again the converted hashed text to CHAR, it will change the original password and putting the right password on the php side will fail
UPDATE Desarrollo.Login SET password = md5('mypassword') WHERE Login.id = 1;
I think this can help.