Is it possible to take input of password from user in hidden form in sql?
As we enter any character immediately it should get replaced by * .
When we try to connect with oracle as we can't see our password like that way i want to take input from user.
Related
Since my 2 post about the LDAP Authentication (first post, second post), we created our own custom authentication scheme and function to connect to the application using our Active Directory credentials.
We can successfully log in the application. However, we have a second function which retrieves the group of the user in the AD. Here's the code when I'm trying to retrieve the group into a Text Field (P1_GROUP) :
ourschema.ldap_get_group_apex_from_user(
p_username => v('APP_USER'),
p_password => 'thepassword')
As you can see, this is working, because the password is in static text. This leads me to my main question :
How to retrieve the user's password in Oracle Apex, and what is the most secure way ?
I tried to set a Branch or a Process in the Log-In page while redirecting the user's the the home page, and Set Value of the :P9999_PASSWORD field to the home page text field P1_PWD.
So, I tried to adapt my code with the text field
ourschema.ldap_get_group_apex_from_user(
p_username => v('APP_USER'),
p_password => :P1_PWD)
Unfortunately, this doesn't seems secure because the password would be visible in the HTML code of the page (right click + inspect and there it is. Moreover, sometimes it gives me an error
Error computing item source value for page item P1_GROUP
It seems like the application cannot execute the function because the password is still not initialized.
Is there a way to retrieve :P9999_PASSWORD or to transfer it from the login page to a global variable/global page or a text field ? Or is there a function to retrieve the current user's password ?
Thank you again for your time, do not hesitate to ask for more details as this is a very specific case,
Thomas
I don't think your approach is correct. Ideally, even an administrator of your system should not be able to decrypt a user's passwords; they should be stored as hashes.
You're trying to look up the user's group memberships? You don't need the user's own credentials to do that. Use a dedicated account that has access to your Active Directory system and store that password encrypted in your database. Use that account to search for and look up the user's group memberships. That way, even if your system is compromised, only that account is exposed.
Thank you all for your answers and your advices on my case, and for taking the time to help.
We found a solution that we think is reliable, here's what we did if that could help other people.
We created a global variable G_GROUP, which will receive the group of the user
On the login page, we created a process before the login process.
Set the Source of the Process to PL/SQL Code :
:G_GROUP := pdbadmin.ldap_get_group_apex_from_user( --our custom function to retrieve groups
p_username => :P9999_USERNAME,
p_password => :P9999_PASSWORD); -- the function get the username and password in the fields
If i want to display the group of the user in the main page, let's create a Text Field P1_GROUP which as for Source the PL/SQL Expression :G_GROUP
Our group is initialized, and the password is not shown in any field.
Let me know what you think about it, and if you guys think this could be improved.
I am trying to add a set of PFUsers in the Data browser with emails, validated, passwords and usernames so that I can test a feature in my iOS app. But as I add the users, the passwords are lost and the validated field will not stay as 'YES'.
How can I add users for testing?
The process I've found success with is:
Adding a row.
Double clicking the appropriate cell to add a username then pressing enter.
Doing the same for password.
At the point it generates an ObjectId and I know the user has been stored.
In terms of a validated field, is that a column you added yourself or are you referring to the emailVerified column?
EDIT: In the case of emailVerified, you should be able to double click in the appropriate cell and it should present a drop-down of Boolean values that you can select.
I have a table in database with this structure:
Username
Password
Age
email
Address
Phone Number
I want to store this table's data manually(not by an input from a program) in the data base so that i can fetch it later for further use.
I want to store the password in the database in the encrypted form so that nobody can see the password.
How can i do this ?
I think you can go to the following site and check it out:-
http://docs.oracle.com/cd/E18283_01/network.112/e10746/asotrans.htm
You can use Master Encryption Key.It is implemented in a lot of places where user details should not be misused such as credit card no.
I am working on change password function in laravel4 . I got stuck into one point that how to match hashed password on database with the new password we enter.
I know this that laravel4 Auth produces new hash value every time for the same input .
Please help me on this .
Thanks.
The question is unclear why do u want match the new password with old ?
But to check the password you can do
Hash:check($entered_old_password, $password_from_db);
*$password_from_db - would be hashed password.
I typically have a form with 3 text inputs, 1 for old password and 1 for new password and the last one for new password confirmation.
On submit check if the old password matchs if so update the user's password with the new one.
You can also use Eloquent Accessor & Mutators to Hash password every time it is set so you don't have to do that in multiple places
[http://laravel.com/docs/eloquent#accessors-and-mutators]
Is that what you are looking for?
I'm creating a VBS to create a user from our HR-systems.
Most of it worked; but I noticed the domain field stays blank (the field on the right of the logon name in the dsa.msc tool; the second part of the User Principal Name).
you can see it in this screenshot as "#Entcert2.com"
I can't find any information on this on the internet.
There is basically only one value possible, but it's blank after the user creation.
The NETBIOS-domain name is filled in correctly.
What's the correct fieldname for this to fill in the value using vbs?
You just forget to fill the userPrincipalName attribute.