Encrypt password with a keyword

Hello
I want to store passwords in a data table.
The passwords must be encrypt with a keyword. The idea is that we need this keyword to decrypt the password.
So only the users who knows the keyword will be able to decrypt the password stored in the table through a specific transaction.
Do you know if there are function modules which can make this kind of encryption / decryption ?
Thank you for your help.

> Yes, I know these functions but it's not sufficient.
> We really need to encrypt the passwords with a keyword in order to guarantee the security.
Thank you for that. These function modules are urban legends caused by their misleading names.
Last I heard, they will be deleted in a future release.
> The standard authorisation are not sufficient because anyone who can access to SE37 will be able to decrypt the passwords.
Well, you can and should protect that in a productive environment... (the ability to display, and execute, the FM - see SAP Note 587410).
> That's why we want that only the users who knows that keyword will be able to decrypt.
Then you will need to prompt the user for a password, before the decryption.
So there are 2 issues:
Password prompt
You can create a symbolic user without any access (roles) and manage it's password. Before the decryption, check that the calling user at least knows the password of this user.
You can do this locally in the same client (see report RDDPWDCHK for coding examples - carefull, it updates the "lock count" for failed password attempts now) or remotly using an RFC connection without saved login data to a different client or system. The latter can be usefull, as the ability to set the password = the ability to decrypt.
Encryption / Decryption
You will need to save the algorithm somewhere, or use an existing function which offers the ability to decrypt. Obviously, the latter option can bypass your prompt...
One way of doing it would be to write your own external RFC server program which does this task, and protect it.
Another way would be to store the sensitive parts of the code in an encrypted file which can only be accessed from your program context. It would then only be "visible" at runtime. In this case, folks could also access the hidden parts via developer traces or short dumps or debugging.
Restricting access to the "real" code is the easiest option, and other more complicated approaches generally require restricted access anyway.
> anyone who can access to SE37 will be able to decrypt the passwords.
If someone has access to display source code and single-test all function modules, then all security is toasted anyway...
Cheers,
Julius

Similar Messages

How to encrypt password with hash function in Java?

Hello, everybody!
I will need to store user passwords in a database, but for stronger security I want to store these passwords hashed, so I know I will need a column for the password and for the salt value.
So, I'd like that you indicate me a very good article or tutorial (preferable from Sun) that shows me how to use Java to encrypt and decrypt passwords with hash. It doesn't necessarily need to deal with database. I can implement this part myself after seeing how Java manage encryption with hash functions.
Thank you very much.
Marcos

I will tell you more precisely what I want to get better for you to help me.
As I said I implemented in .NET what I need to implement in Java now. In my
database I have a table with this structure (I omitted that columns that are not
necessary to our discussion):
CREATE TABLE EMPLOYEES
ID NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(40), -- password encrypted
HASH_SALT VARCHAR(10) -- salt value used to encrypt password
So, in the table I have a column to store the password encrypted and a column to
store the salt value.
Below is a little utility class (in C#) that I use to generate the salt and
the hashed password.
public static class PasswordUtilities
    public static string GenerateSalt()
        RNGCryptoServiceProvider encoder = new RNGCryptoServiceProvider();
        byte[] buffer = new byte[5];
        encoder.GetBytes(buffer);
        return Convert.ToBase64String(buffer);
    public static string EncryptPassword(string password, string salt)
        string encryptedPassword =
            FormsAuthentication.HashPasswordForStoringInConfigFile(
            password + salt, "SHA1");
        return encryptedPassword;
}As you can see, the class is fairly simple. It only has two methods: one to
generate the salt value that will be used to encrypt the password and another
one to encrypt the password. The method HashPasswordForStoringInConfigFile of
the FormsAuthentication class is what really hash the password with the salt
value. This class belongs to the .NET library, so we can't see its source code,
but it doesn't matter for our discussion as I know that we can implement
something similar in Java.
Below is a little sample code showing the use of the utility class above to
encrypt a password.
public class Encrypt
    public static void Main(string args[])
        string password = "Secret";
        string salt = PasswordUtilities.GenerateSalt();
        string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
        // now I store 'encryptedPassword' in the PASSWORD column and 'salt'
        // in the HASH_SALT column in the EMPLOYEES table.
}To verify if a password is correct I can use the code below:
public class VerifyPassword
    public static void Main(string args[])
        string password = GetPasswordFromUser();
        // Let's assume that employee is an instance that corresponds to a row
        // in the database and the properties HashSalt and Password correspond
        // to the HASH_SALT and PASSWORD columns respectively.
        Employee employee = GetEmployeeFromDatabase(1);
        string salt = employee.HashSalt;
        string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
        bool passwordMatch = employee.Password.Equals(encryptedPassword);
        System.Console.WriteLine(passwordMatch);
}The only thing that interest me in this discussion is the PasswordUtilities class.
As you saw its code is in C#, using the .NET framework libraries.
What I want is to have this same little class coded in Java, to generate the salt
value and to encrypt the password passed in using salt value generated. If you could
help me to do that with articles that have what I want or with code that already do
that I would really appreciate.
Thank you in advance.
Marcos

Delete the encryption password with backups

Hi, I setup the password for iphone backup in itunes a while ago. Now I cannot get it thru as it keep saying my password wrong. I did it in a hurry so I might have either forgot the password, or I typed the password wrong to begin with... So I am trying clear it. I thought I was able to delete the old backups so the password will be cleared. While I do a new backup I can reset the password for it. But i didn't work. I am not sure if I am in the right path. Can anyone help me on this?
Thanks!
(I am using Windows Vista + iphone 3G.)

"If you cannot remember the password and want to start again, you will have to do a full software restore and when prompted by iTunes to select the backup to restore from, choose "Set up as a new device". "
---http://discussions.apple.com/thread.jspa?messageID=10331892&#10331892
That is a bad design...

Encrypting Programs using 2 keywords(2 square cipher)?

Hello, I am trying to create a program that can encrypt and save files using 2 keywords. (it's part of a course I'm starting). At the moment, I have created a program that can encrypt messages with ONE keyword.
If someone could provide a solution to my problem - that would be absolutely wonderful.
thanks.

This is what I've done so far ;
it encrypted messages using only ONE keyword
'text window setup
TextWindow.Title = "Encryption Program - Task 2"
'get message
start:
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "blue"
TextWindow.WriteLine("Please enter your message.")
Message = TextWindow.Read()
Characters = Text.GetSubText(Message,1,1)
WordCharacterCode = Text.GetCharacterCode(Characters)
'message error check
If WordCharacterCode < 65 Or WordCharacterCode > 122 Or WordCharacterCode < 97 And WordCharacterCode> 90 Then
TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("ERROR - Please try again")
Goto start
EndIf
'get keyword
TextWindow.WriteLine("Please enter a keyword")
key = TextWindow.Read()
KeyCharacter = Text.GetSubText(key,1,1)
KeyCharacterCode = Text.GetCharacterCode(KeyCharacter)
'keyword error check
If KeyCharacterCode < 65 Or KeyCharacterCode > 122 Or KeyCharacterCode < 97 And KeyCharacterCode > 90 Then
TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("**ERROR - Please try again**")
Goto start
Else
EncryptLowerCase()
EndIf
'suborutine - encrypts message
Sub EncryptLowerCase
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "black"
count = 1
While Text.GetLength(keyword) < Text.GetLength(Message)
If count > Text.GetLength(key) Then
count = 1
EndIf
keyletter = Text.GetSubText(key,count,1)
keyword = keyword + keyletter
count = count + 1
EndWhile
For i = 1 To Text.GetLength(Message)
charscode = Text.GetCharacterCode(Text.GetSubText(Message,i,1)) - 96
keycharscode = Text.GetCharacterCode(Text.GetSubText(keyword,i,1)) - 96
encryptedchar = Text.GetCharacter(Math.Remainder(keycharscode + charscode,26)+96)
encrypted = encrypted + encryptedchar
EndFor
'text window setup
TextWindow.Title = "Encryption Program - Task 2"
'get message
start:
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "blue"
TextWindow.WriteLine("Please enter your message.")
Message = TextWindow.Read()
Characters = Text.GetSubText(Message,1,1)
WordCharacterCode = Text.GetCharacterCode(Characters)
'message error check
If WordCharacterCode < 65 Or WordCharacterCode > 122 Or WordCharacterCode < 97 And WordCharacterCode> 90 Then
TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("ERROR - Please try again")
Goto start
EndIf
'get keyword
TextWindow.WriteLine("Please enter a keyword")
key = TextWindow.Read()
KeyCharacter = Text.GetSubText(key,1,1)
KeyCharacterCode = Text.GetCharacterCode(KeyCharacter)
'keyword error check
If KeyCharacterCode < 65 Or KeyCharacterCode > 122 Or KeyCharacterCode < 97 And KeyCharacterCode > 90 Then
   TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("**ERROR - Please try again**")
Goto start
Else
EncryptLowerCase()
EndIf
'suborutine - encrypts message
Sub EncryptLowerCase
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "black"
count = 1
While Text.GetLength(keyword) < Text.GetLength(Message)
If count > Text.GetLength(key) Then
    count = 1
EndIf
keyletter = Text.GetSubText(key,count,1)
keyword = keyword + keyletter
count = count + 1
EndWhile
For i = 1 To Text.GetLength(Message)
charscode = Text.GetCharacterCode(Text.GetSubText(Message,i,1)) - 96
keycharscode = Text.GetCharacterCode(Text.GetSubText(keyword,i,1)) - 96
encryptedchar = Text.GetCharacter(Math.Remainder(keycharscode + charscode,26)+96)
encrypted = encrypted + encryptedchar
EndFor
'text window setup
TextWindow.Title = "Encryption Program - Task 2"
'get message
start:
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "blue"
TextWindow.WriteLine("Please enter your message.")
Message = TextWindow.Read()
Characters = Text.GetSubText(Message,1,1)
WordCharacterCode = Text.GetCharacterCode(Characters)
'message error check
If WordCharacterCode < 65 Or WordCharacterCode > 122 Or WordCharacterCode < 97 And WordCharacterCode> 90 Then
TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("ERROR - Please try again")
Goto start
EndIf
'get keyword
TextWindow.WriteLine("Please enter a keyword")
key = TextWindow.Read()
KeyCharacter = Text.GetSubText(key,1,1)
KeyCharacterCode = Text.GetCharacterCode(KeyCharacter)
'keyword error check
If KeyCharacterCode < 65 Or KeyCharacterCode > 122 Or KeyCharacterCode < 97 And KeyCharacterCode > 90 Then
   TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("**ERROR - Please try again**")
Goto start
Else
EncryptLowerCase()
EndIf
'suborutine - encrypts message
Sub EncryptLowerCase
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "black"
count = 1
While Text.GetLength(keyword) < Text.GetLength(Message)
If count > Text.GetLength(key) Then
    count = 1
EndIf
keyletter = Text.GetSubText(key,count,1)
keyword = keyword + keyletter
count = count + 1
EndWhile
For i = 1 To Text.GetLength(Message)
charscode = Text.GetCharacterCode(Text.GetSubText(Message,i,1)) - 96
keycharscode = Text.GetCharacterCode(Text.GetSubText(keyword,i,1)) - 96
encryptedchar = Text.GetCharacter(Math.Remainder(keycharscode + charscode,26)+96)
encrypted = encrypted + encryptedchar
EndFor
'text window setup
TextWindow.Title = "Encryption Program - Task 2"
'get message
start:
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "blue"
TextWindow.WriteLine("Please enter your message.")
Message = TextWindow.Read()
Characters = Text.GetSubText(Message,1,1)
WordCharacterCode = Text.GetCharacterCode(Characters)
'message error check
If WordCharacterCode < 65 Or WordCharacterCode > 122 Or WordCharacterCode < 97 And WordCharacterCode> 90 Then
TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("ERROR - Please try again")
Goto start
EndIf
'get keyword
TextWindow.WriteLine("Please enter a keyword")
key = TextWindow.Read()
KeyCharacter = Text.GetSubText(key,1,1)
KeyCharacterCode = Text.GetCharacterCode(KeyCharacter)
'keyword error check
If KeyCharacterCode < 65 Or KeyCharacterCode > 122 Or KeyCharacterCode < 97 And KeyCharacterCode > 90 Then
   TextWindow.ForegroundColor = "red"
TextWindow.WriteLine("**ERROR - Please try again**")
Goto start
Else
EncryptLowerCase()
EndIf
'suborutine - encrypts message
Sub EncryptLowerCase
TextWindow.ForegroundColor = "green"
TextWindow.BackgroundColor = "black"
count = 1
While Text.GetLength(keyword) < Text.GetLength(Message)
If count > Text.GetLength(key) Then
    count = 1
EndIf
keyletter = Text.GetSubText(key,count,1)
keyword = keyword + keyletter
count = count + 1
EndWhile
For i = 1 To Text.GetLength(Message)
charscode = Text.GetCharacterCode(Text.GetSubText(Message,i,1)) - 96
keycharscode = Text.GetCharacterCode(Text.GetSubText(keyword,i,1)) - 96
encryptedchar = Text.GetCharacter(Math.Remainder(keycharscode + charscode,26)+96)
encrypted = encrypted + encryptedchar
EndFor

LDIF Importing a user with a non-encrypted password fails, anywork arounds?

I was able to import a group without issue:
dn: cn=Authenticated,cn=Groups,dc=oraclelinux,dc=com
description: test group
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: cn=orcladmin,cn=People,dc=oraclelinux,dc=com
cn: Authenticated
But when I try to import a standard user:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: password1
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
It fails if I remove the password field then I can import the user without issue, but I need to include the password field as it is part of what was exported from the old LDAP Server.
If I create a user in an ldif import it then add a password using oracle's Directory Manager upon exporting it the entry loks like:
dn: cn=testuser, cn=Users, dc=oraclelinux, dc=com
authpassword;orclcommonpwd: {MD5}fGoYCzaJagqMAnh+6vsOTA==
authpassword;orclcommonpwd: {X- ORCLLMV}E52CAC67419A9A2238F10713B629B565
authpassword;orclcommonpwd: {X- ORCLNTV}5835048CE94AD0564E29A924A03510EF
authpassword;oid: {SASL/MD5}tUquh+Duowh2aWSEwONtcQ==
authpassword;oid: {SASL/MD5-DN}lcQ7Z5O5vcwzXMeaZ65fYw==
authpassword;oid: {SASL/MD5-U}AAWzkmDDCJLbs9mxoWBTiw==
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectclass: top
objectclass: person
sn: testuser
cn: testuser
Changing my imported ldif to look like the following WORKS:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
So the password must be encrypted then?, if so how to I generate a password hash on the command-line and through JAVA?
Can an import be forced with a plain text password (Tivoli, SUN both support this functionality).
Can I change the constraint that the password must contain a numeric char? (Found in document: http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/pwdpolicies.htm#g1051713)
After fixing the constaints I can import a non-encrypted password from an ldif, but it can not be verified and only the authpassword;oid entries are created not the authpassword;orclcommonpwd entries.
Thanks for your assistance,
ERIC GANDT

Eric, my first guess would be that the OID password policy prevents loading of the password i.e. the password doesn't match the existing password policy.
What version is your "old" OID and what is the version of the current OID you're using?
What is the error msg you get?
regards,
--Olaf

Powershell script monitor with encrypted password

I have created a powershell script based monitor in my management pack and everything is ok but I can't get my credentials work inside the script. I want to open pssession to another computer with my credentials. I have triple checked that my pssession is
working because I can access it from powershell console.
This works perfectly at local server from PSconsole:
$EncryptedPassword ="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534b2....etc...etc..."
$pw = convertto-securestring -String $EncryptedPassword
$cred = new-object System.Management.Automation.PSCredential -argumentlist "MyDOMAIN\MyACCOUNT",$pw
$s = New-PSSession -ComputerName "MyServer" -Port MyPort -Credential $cred
But when I run the same lines inside my management pack the convertto-securestring
does nothing, it just wont convert the encrypted password to secure string!
I have tried this plain text method and it works
inside my management pack, but I don't want to use it because you can see the password in plain text:
ConvertTo-SecureString -String "myPlainTextPassword" -AsPlainText -Force
This is the $error variable, so it's basically says that I don't have anything in the password secure string variable because the convertion did not work for some reason:
The argument is null. Provide a valid value for the argument, and then try running the command again. Cannot process argument transformation on parameter 'Credential'. PromptForCredential Exception calling ".ctor" with "2" argument(s):
"Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value." The system cannot find the file specified. Exception calling "SecureStringToBSTR"
with "1" argument(s): "Value cannot be null. Parameter name: s" The system cannot find the file specified. Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s"
The system cannot find the file specified.
So is there some known issue with SCOM Agent / management pack when you are dealing with convertto-securestring
function with encrypted passwords?
I used these methods to encrypt the password: Technet article about encryption

I got it to work!
<TypeDefinitions>
<EntityTypes>
<ClassTypes>
<ClassType ID="MyClass" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" Extension="false"
/>
</ClassTypes>
</EntityTypes>
<SecureReferences>
<SecureReference ID="MyRunAsAccountProfile" Accessibility="Public" Context="System!System.Entity" />
</SecureReferences>
<ScriptBody>param (
[string]$Username,
[string]$Password
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
$cred = New-Object System.Management.Automation.PSCredential -Argumentlist @($Username,(ConvertTo-SecureString -String $Password -AsPlainText -Force))
$s = New-PSSession -ComputerName "myserver" -Credential $cred
Invoke-Command -Session $s -ScriptBlock { $service = Get-Service -Name Spooler}
$invcom = Invoke-Command -Session $s -ScriptBlock { $service.status}
Remove-PSSession -Id $s.Id
if ($invcom.Value -ne "Running") {
$PropertyBag.AddValue("State","ERROR")
$outputLongLine = "Spooler Service is not running on target server!"
$PropertyBag.AddValue("Description", $outputLongLine)
else {
$PropertyBag.AddValue("State","OK")
$outputLongLine = "Spooler is Running on target server."
$PropertyBag.AddValue("Description", $outputLongLine)
$PropertyBag</ScriptBody>
<Parameters>
<Parameter>
<Name>Username</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Domain$\$RunAs[Name="MyRunAsAccountProfile"]/UserName$</Value>
</Parameter>
<Parameter>
<Name>Password</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Password$</Value>
</Parameter>

How to compare Entering Password with existing encrypted pasword in APEX4.1

Hello everyone,
In my application am using the following package,
create or replace PACKAGE BODY app_security_pkg
AS
PROCEDURE login
           p_uname IN VARCHAR2
          ,p_password IN VARCHAR2
          ,p_session_id IN VARCHAR2
          ,p_flow_page IN VARCHAR2
IS
lv_goto_page NUMBER DEFAULT 1;
BEGIN
-- This logic is a demonstration of how to redirect
-- to different pages depending on who successfully
-- authenticates. In my example, it simply demonstrates
-- the ADMIN user going to page 1 and all other users going
-- to page 2. Add you own logic here to detrmin which page
-- a user should be directed to post authentication.
IF UPPER(p_uname) = 'ADMIN'
THEN
lv_goto_page := 1;
ELSE
lv_goto_page := 2;
END IF;
APEX_UTIL.SET_SESSION_STATE('FSP_AFTER_LOGIN_URL');
wwv_flow_custom_auth_std.login
p_uname => p_uname,
p_password => p_password,
p_session_id => p_session_id,
p_flow_page => p_flow_page || ':' || lv_goto_page
EXCEPTION
WHEN OTHERS
THEN
RAISE;
END login;
PROCEDURE add_user
p_username IN VARCHAR2
,p_password IN VARCHAR2
AS
BEGIN
INSERT INTO app_users (username, PASSWORD)
    VALUES (UPPER (p_username),
        get_hash (TRIM (p_username), p_password));
COMMIT;
EXCEPTION
WHEN OTHERS
THEN
ROLLBACK;
RAISE;
END add_user;
-- Function to Perform a oneway hash of the users
-- passwords. This cannot be reversed. This exmaple
-- is a very week hash and if been used on a production
-- system, you may want to use a stronger hash algorithm.
-- Read the Documentation for more info on DBMS_CRYPTO as
-- this is the supported package from Oracle and
-- DBMS_OBFUSCATION_TOOLKIT is now depricated.
FUNCTION get_hash (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
RETURN DBMS_OBFUSCATION_TOOLKIT.md5 (
input_string => UPPER (p_username)
                || '/'
                || UPPER (p_password));
END get_hash;
PROCEDURE valid_user2 (p_username IN VARCHAR2, p_password IN VARCHAR2)
AS
v_dummy VARCHAR2 (1);
BEGIN
SELECT '1'
INTO v_dummy
FROM app_users
WHERE UPPER (username) = UPPER (p_username)
AND PASSWORD = get_hash (p_username, p_password);
EXCEPTION
WHEN NO_DATA_FOUND
THEN raise_application_error (-20000, 'Invalid username / password.');
END valid_user2;
FUNCTION valid_user (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN
AS
BEGIN
valid_user2 (UPPER (p_username), p_password);
RETURN TRUE;
EXCEPTION
WHEN OTHERS
THEN RETURN FALSE;
END valid_user;
END app_security_pkg;Here the ADD_USER Procedure will convert the password and stores into the app_users Table in encrypted form.
In my application the users can change their password,
so I need to compare the entering password in the Current_password field with the Encrypted password in the app_users table,
so I used the following code,
declare
l_x varchar2(30);
begin
select username into l_x
        from app_users
    where upper(username) = upper(:P7_USERNAME)
      and password = :P7_CURRENT_PASSWORD;
return (true);
exception
when no_data_found then
    return (false);
end;This code is working fine when the password is stored without encryption,but after encryption it showing error,
because the entering password is simply password and not encrypted so both are different even if the user enters right password,
Please tel me how to encrypt the entering password to compare with existing encrypted password.
Thank you,
Regards,
gurujothi.

Dear Sunil and vdotcherukuri     ,
Thank you for your reply as per your suggestion I tried the following code and its working fine.
declare
l_x varchar2(30);
begin
select username into l_x
        from app_users
    where upper(username) = upper(:P7_USERNAME)
      and password = app_security_pkg.get_hash (TRIM (:p7_username), :P7_CURRENT_PASSWORD);
return (true);
exception
when no_data_found then
    return (false);
end;Thank you,
Regards,
Gurujothi.

Login with encrypted password doesn't work

Hi, simple problem:
in login settings with encrypted password option on
The login doesn't work => Error:"AFTER.Trigger_Login_CheckLogin*"
(tested with a user that has an encrypted password)
without encrypted password
The login works
(tested with a user that has a clean password)
Where I wrong?
Thanks
Gabriele

Hi Gabriele,
how many varchars did you define for the column that´s holding the encrypted passwords ? It has to be at least 32 chars due to the MD5 encryption, if it´s lesser than that, the passwords will get truncated.
Cheers,
Günter Schenk
Adobe Community Expert, Dreamweaver

Encrypt sensitive with password and calling sub pkgs

Hi we run 2012 enterprise and r introducing a db2 connection that "allows saving password".
We run from the file system (not the catalog) and face a challenge.
The default prot level on the SUB PACKAGE that has the db2 connection (only such connection right now) prevents our prod credentials from making the connection because its a different user than the one that created the sub pkg.
Encrypt sensitive with password seems a more strategic alternative but I dont know if the param (I think its called "decrypt") on the dtexec command line that allows passing a password at run time applies to just the parent pkg or all subs also.
I dont want to delay validation. I wouldnt even mind changing the xml connection string (by entering pswd in whatever syntax is necessary) using notepad but dont know what issues that will cause.
I wouldnt mind having someone logon and "re" save the pkg using the credentials of our prod userid and choosing the default prot level instead.
I also wonder if none of the other pkgs (including master) dont have any sensitive data, can their prot level defaults be left alone?
Can the community comment?

If you are having sensitive info (passwords for conn strings etc) in our packages, the best way is to change the protection level to "encrypt sensitive with password" and then provide the password.
When we schedule a job or exec the parent package, the child packages are called automatically.
Thanks, hsbal

How to compare the texted password with the encrypted password of dba_users

Hi,
I have Oracle 10g in my system. I know dba_users table has information of all the created users of the oracle, along with their encrypted passwords.If I want to make a login page based on this table ,how could I compare the password in that case?
In above situation, I am getting the username with the regular texted password for authentication check. How can we checked this texted password with the encrypted password of dba_users, for the respective username?
Your input would be appreciated.

Try use the username/password from login page to create an connection to database.

Open An Encrypted, Password Protected Saprsebundle Disk Image With iPhone?

Is it possible to open an encrypted, password protected sparsebundle disk image using an iPhone/iPad/iPod Touch that is stored on a NAS drive connected to an AirPort Extreme Base Station?
If so, how do I do it?
If not, would you be able to explain why not?
Thanks, Alex

Hi Robert,
> Once you through a sudo in there, you lose the option
to have a regular user
   That's not really true. Sudo is one of the most flexible commands around and not only can a regular user use it but they can use it without a password. Mind you I'm not suggesting that you make all users admins; you can specify both of these privileges for this command only. All you have to do is to put a line like the following in your /etc/sudoers file. (with sudo visudo of course)
ALL ALL = NOPASSWD: /usr/bin/hdiutil create -encryption -certificate*-stdinpass -type SPARSE -fs "HFS+" -volname-size
I've included wildcards so that the cert file, volume name, size and image are arbitrary but the others must be in the user's command to qualify. I realize that you'll want different options to use FileVault certs but I don't know how to do that so I used your original example as my example.
   Of course it wouldn't be that easy for your lusers to get all of those options correct so the next thing you do is to wrap the command, with it's sudo preface, in a shell script that parses the cert file, volume name, size and image from the options the user passes to the script and puts those into the command with the right syntax. If you want to get really fancy, the script could prompt the user for any arguments that were omitted. Your lusers will think that you created this really cool command and never know that sudo was involved.
Gary
~~~~
   If you give a man enough rope, he'll claim he's tied up
   at the office.

I have an external seagate 2tb drive with 3 partitions each with encrypted passwords. What must I do if one of the drives won't recognize it's password?

I have an external seagate 2tb drive with 3 partitions each with encrypted passwords. What must I do if one of the drives won't recognize it's password?

I would have to say the LCD display or possibly the inverter as the graphics adapter can properly output to an external monitor. This would be repaired under warranty.
\\ I do not respond to PM regarding individual tech support. Keep discussions in the forum for the benefit of others //

Encrypting PDF with password. PDF command failed due to PDFlib error: Bad parameter.

I'm trying to encrypt a PDF with a password and receive this error.
~ERROR~com.adobe.document.PDFManipulation~: PDF command failed due to PDFlib error: Bad parameter.
It does not throw an exception, it just logs this error.
Anybody know how to fix this?
Version: 7.0.2
OS: Win

I was also getting this error, when trying to set usage rights on a document and then encrypt it with a password. I found a solution which works (more like a workaround, as this feels like a bug):
1. Open the unprotected file
2. Call pdfDocument.encryptWithPassword()
3. Call pdfDocument.save(), write resulting bytes to temp file
4. Reopen this file with pdfFactory.openPdfWithPassword()
5. Now you can call pdfDocument.setUsageRights() and pdfDocument.save()

Doubts regarding db connection with encrypted password usage in sandbox

Hi All,
We have setup the db connection using configuration file. The configuration file contains db connection information including the encrypted password.
Below are my doubts:
1. If we are going to import the ETL project in zip file directly into the sandbox can we run the graphs directly or we need to check how the password which is encrypted in configuration file will be decoded.
2. Can we directly modify the configuration file for db connection like db connection,user name and password. Suppose I want the graphs to run in some other database which is not specified in configuartion fiel .Can I directly update that?
3.Is it possible to change the encrypted password in the configuration file in the sandbox. Is it that we need to create the project in Integrator Designer, change the password using the Integrator Designer, and then copy the encrypted password into the configuration file in sandbox, or the Endeca provides a functionality to allow user to directly change the password in the sandbox on the Integrator server.
Can someone please let me know their comments on above.
Thanks in Advance.
Regards,
Amrit

can someone please help me on this issue

Default Encrypted Password

Dear All,
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
How can i insert Encripted password into table.
Thanks

Hi Vedant,
See the CUSTOM_HASH function that is installed with sample application in the APEX.
Here is the code for it:
create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
return varchar2
is
l_password varchar2(4000);
l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
begin
-- This function should be wrapped, as the hash algorithm is exposed here.
-- You can change the value of l_salt or the method of which to call the
-- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
-- if you choose to do this.
l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
(input_string => p_password || substr(l_salt,10,13) || p_username ||
substr(l_salt, 4,10)));
return l_password;
end;
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
Hope it helps!
Regards,
Kiran

Encrypt password with a keyword

Similar Messages

Maybe you are looking for