How to encrypt password field in JHS_USERS table?

Hi,
We have developed an application using JDeveloper 10.1.3 and JHeadstart 10.1.3.2.52 version. We are using a custom login module using the oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule class.
We need to encrypt the password in the table JHS_USERS.
Please let us know the best way of doing it.
Thanks in advance.
Thanks & Regards,
Rama Krishna. P

Thanks Brent, for pointing me to the dbms_crypto package, which seems to be the successor of dbms_obfuscation_toolkit that I was looking at.
I just jumped in in the middle of this thread, my specific requirements might differ from the topic starter's requirements.
Unencrypted storage of passwords in the JHS_USERS table is judged as very insecure by the security officers that are auditing our application. Anybody with access to the table (DBAs, support engineers, developers, etc.) can read the passwords. As users tend to reuse passwords or password patterns across applications, this is a serious security issue that goes beyond the scope of just our application. So the requirements are: It should not be possible to retrieve an unencrypted password by means of a select statement on the JHS_USERS table.
The solution we are heading for is:
- A stored function that generates an MD5-encrypted string for the password, based on the unencrypted password and username. (Using MD5 facilities of the dbms_crypto or dbms_obfuscation_toolkit package.)
- Database triggers on JHS_USERS that convert the unencrypted password when a user is created or a password is changed. (Using the aforementioned stored function.)
- MD5 is a one-directional encryption mechanism. So the stored passwords cannot be decrypted. This is exactly what we are looking for in terms of security. But I think it forces us to customize the authenticateUser method. That method compares the password entered in the logon page with the password retrieved from JHS_USERS. So just before that comparison, we have to convert the entered username/password combination to an MD5 string too. (Preferably by using the aforementioned stored function again, to be 100% sure that the same algorithm is applied.)
This solution seems to be quite simple and straightforward. However, before starting the implementation I am very curious about experiences (and drawbacks) with similar constructs.
Regards, Eric

Similar Messages

  • How to encrypt password with hash function in Java?

    Hello, everybody!
    I will need to store user passwords in a database, but for stronger security I want to store these passwords hashed, so I know I will need a column for the password and for the salt value.
    So, I'd like you to point me to a very good article or tutorial (preferably from Sun) that shows me how to use Java to encrypt and decrypt passwords with hash. It doesn't necessarily need to deal with a database. I can implement this part myself after seeing how Java manages encryption with hash functions.
    Thank you very much.
    Marcos

    I will tell you more precisely what I want to get better for you to help me.
    As I said I implemented in .NET what I need to implement in Java now. In my
    database I have a table with this structure (I omitted the columns that are not
    necessary to our discussion):
    CREATE TABLE EMPLOYEES
    (
        ID NOT NULL PRIMARY KEY,
        PASSWORD VARCHAR(40), -- password encrypted
        HASH_SALT VARCHAR(10) -- salt value used to encrypt password
    )
    So, in the table I have a column to store the password encrypted and a column to
    store the salt value.
    Below is a little utility class (in C#) that I use to generate the salt and
    the hashed password.
    using System;
    using System.Security.Cryptography;
    using System.Web.Security;

    public static class PasswordUtilities
    {
        // Returns 5 random bytes, Base64-encoded, for the HASH_SALT column.
        public static string GenerateSalt()
        {
            RNGCryptoServiceProvider encoder = new RNGCryptoServiceProvider();
            byte[] buffer = new byte[5];
            encoder.GetBytes(buffer);
            return Convert.ToBase64String(buffer);
        }

        // Returns the SHA1 hash of password + salt for the PASSWORD column.
        public static string EncryptPassword(string password, string salt)
        {
            string encryptedPassword =
                FormsAuthentication.HashPasswordForStoringInConfigFile(
                password + salt, "SHA1");
            return encryptedPassword;
        }
    }
    As you can see, the class is fairly simple. It only has two methods: one to
    generate the salt value that will be used to encrypt the password and another
    one to encrypt the password. The method HashPasswordForStoringInConfigFile of
    the FormsAuthentication class is what really hashes the password with the salt
    value. This class belongs to the .NET library, so we can't see its source code,
    but it doesn't matter for our discussion as I know that we can implement
    something similar in Java.
    Below is a little sample code showing the use of the utility class above to
    encrypt a password.
    public class Encrypt
    {
        public static void Main(string[] args)
        {
            string password = "Secret";
            string salt = PasswordUtilities.GenerateSalt();
            string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
            // now I store 'encryptedPassword' in the PASSWORD column and 'salt'
            // in the HASH_SALT column in the EMPLOYEES table.
        }
    }
    To verify if a password is correct I can use the code below:
    public class VerifyPassword
    {
        public static void Main(string[] args)
        {
            string password = GetPasswordFromUser();
            // Let's assume that employee is an instance that corresponds to a row
            // in the database and the properties HashSalt and Password correspond
            // to the HASH_SALT and PASSWORD columns respectively.
            Employee employee = GetEmployeeFromDatabase(1);
            string salt = employee.HashSalt;
            string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
            bool passwordMatch = employee.Password.Equals(encryptedPassword);
            System.Console.WriteLine(passwordMatch);
        }
    }
    The only thing that interests me in this discussion is the PasswordUtilities class.
    As you saw its code is in C#, using the .NET framework libraries.
    What I want is to have this same little class coded in Java, to generate the salt
    value and to encrypt the password passed in using salt value generated. If you could
    help me to do that with articles that have what I want or with code that already does
    that I would really appreciate.
    Thank you in advance.
    Marcos
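An added example, not code from either poster: a Java counterpart to the C# PasswordUtilities class above, which also covers the hash-then-compare login check described in the first thread. It swaps the single MD5/SHA-1 pass for the JDK's PBKDF2-HMAC-SHA256; the 16-byte salt, the iteration count and the method names are assumptions, and the Base64 output needs HASH_SALT and PASSWORD columns of at least 24 and 44 characters.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example: salted password hashing and verification with JDK classes only. */
public final class PasswordUtilities {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SALT_BYTES = 16;       // assumption: 16 random bytes, not the post's 5
    private static final int ITERATIONS = 600_000;  // assumption: tune to your own hardware
    private static final int HASH_BITS = 256;

    private PasswordUtilities() {}

    /** New random salt per user, Base64-encoded for the HASH_SALT column. */
    public static String generateSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt);
    }

    /** Salted, iterated one-way hash, Base64-encoded for the PASSWORD column. */
    public static String hashPassword(char[] password, String saltB64)
            throws GeneralSecurityException {
        byte[] salt = Base64.getDecoder().decode(saltB64);
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    /** Re-hash the entered password with the stored salt; compare in constant time. */
    public static boolean verify(char[] entered, String storedSalt, String storedHash)
            throws GeneralSecurityException {
        byte[] expected = storedHash.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = hashPassword(entered, storedSalt).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; a real application reads the password from the
        // login form and the salt and hash from the user's row.
        String salt = generateSalt();
        String stored = hashPassword("Secret".toCharArray(), salt);
        System.out.println("HASH_SALT = " + salt);
        System.out.println("PASSWORD  = " + stored);
        System.out.println("correct password accepted: "
                + verify("Secret".toCharArray(), salt, stored));
        System.out.println("wrong password accepted:   "
                + verify("secret".toCharArray(), salt, stored));
    }
}
```

Because the salt is random per user, two users with the same password get different stored values, and nobody who can select from the table can read a password back.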

  • How to encrypt password columns

    I would like to create a table to store the username and password for all my application users. There is a problem with password encryption. When I create a table as follows,
    create table usrmas
    (username varchar2(10),
    passwd varchar2(20))
    All passwords from the passwd column will be disclosed when somebody queries the table. It is not secure. Right?
    When I tried to use the table dba_users, for example, there is a user scott with password tiger, I fail to find a record when I type SQL as follows,
    select *
    from dba_users
    where username = 'SCOTT'
    and password = 'TIGER'
    Please advise me how I can authenticate a user. Thanks

    If you have a 10g database, it should be installed by default.
    Note, however, that Oracle stores hashed passwords, not encrypted passwords, in the dba_users table. That's more secure since there is no decrypt method for a hashed value. With a hashed value, you can only check whether the user has provided the right password, you can't find out what the right password is.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • How to pick the fields of ABC table in Payslip

    How to pick the fields of ABC table in Payslip, So i want to add the calender days(absent days) in my payslip

    You can do it through PE51_CHECKTAB
    Yogesh

  • How to add additional field into output table for RFIDYYWT(Generic Withholding Tax Reporting)

    Hi Experts,
    How to add additional field into output table VENDORS/WH TAX TYPES AND CODES in RFIDYYWT(Generic Withholding Tax Reporting).
    I have no idea how to start with, please give some advice.
    Thanks!
    Ice

    Dear Ice,
    Use Append structure, see given link:
    https://help.sap.com/saphelp_nw04s/helpdata/en/cf/21eb61446011d189700000e8322d00/content.htm
    Regards,
    Abbas.

  • How to encrypt password using form 6i?

    Dear all,
    How to encrypt password using form 6i?
    Best Regards,
    Amy
    Edited by: amychan60 on Sep 29, 2008 8:23 PM

    DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT packages provide APIs for data encryption.
    Note: 102902.1 - Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=102902.1
    Note: 197400.1 - Example Code Encrypting Credit Card Numbers
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=197400.1
    Developing Applications Using Data Encryption
    http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm

  • How to update the field ZLSPR of table BSEG

    HI Friends,
    Can anyone tell me how to update the field ZLSPR of table BSEG? I've a 700 line abap program and I should include some logic in this program to make an entry into BSEG-ZLSPR. Is there any FM/BAPI available? Is BDC a healthy approach?. My team lead do not want me to use UPDATE statement....please help.
    Thanks in advance,
    Varsha.

    Hi,
    You will need to group that radiobuttons so that SAP knows they are linked together. To do this using the grahical layout editor simply select all the radiobuttons and then right click on them, Now choose define group. Once you have done this you should not need any of the "clear" or "='X'" statements SAP should control it all for you.
    hope this helps
    Reward if found helpful...
    Venkoji Babu.

  • How to encrypt password in Forms10g while calling in batch mode

    We are migrating our Forms 6i batch jobs to Forms10g. There are two ways we can pass login
    information.
    1. In formsweb.cfg
    2. Pass in URL string 'userid=username/password@connectstring'
    In both cases the password is not secured. In option # 1 password is in the configuration file in plain text. In
    second option # 2, its in the URL.
    BTW, we are using HTTPS protocol while calling form in batch mode and we are not using SSO.
    Is there a way, we can use data source in frmservlet while calling form in batch mode. Like in Java, we can create data source with indirect password, the password is encrypted.
    Basically, we would like to encrypt our password, we have very strict security guidelines.
    Please let us know if there are any options, how to encrypt password in Forms 10g
    Regards,
    Gufran

    One option may be the following:
    - Create a file holding the encrypted username/password on the application server side (in the working directory of your oracle forms application)
    - As a parameter, pass the name of your file to the form
    - when the form is getting called, read the named file in (TEXT_IO) and use the logon built-in with the value from the password file
    How to create an encrypted file:
    - use the obfuscation toolkit to encrypt username/password@instance into a varchar2
    - write this value to a file using oracle forms (TEXT_IO)
    FUNCTION f_encrypt_string(p_key IN VARCHAR2)
    RETURN VARCHAR2 IS
      v_encrypt_string VARCHAR2(2000) := 'N/A';
      l_data VARCHAR2(2000);
    BEGIN
      -- if necessary create a text where the length of the string
      -- is divisible by 8 (which is a requirement of dbms_obfuscation_toolkit)
      l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
      DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
                                          key_string => 'MagicKey',
                                          encrypted_string => v_encrypt_string);
      RETURN (v_encrypt_string);
    END;
    Edited by: user434854 on Apr 8, 2009 5:17 AM

  • How to create password field in screen painter

    hi all,
        i am designing login screen. in that i hv to create one input-output field as a password field. i.e when i enter the characters it will display in *(star) format.
         also is there any way to do the same using parameters statement in report? give me the Way or coding.
    thanks in advance,
    regards,
    Vinod.

    HI GOPI
       I TRY TO ENCRYPT FORMULA IN PASSWORD PROTECT.BUT ITS NOT WORK .ITS SUCCESSFUL COMPILE & WHEN I PUT PASSWORD ITS SHOWING WHAT I GIVEN THERE. SO I THINK IN MY CODING PART THERE IS SOME ERROR.CAN U HELP ME PLEASE.
    I BRIEFLY DESCRIBE.........
    HERE FOR LOGIN PURPOSE I USE MODULE POOL PROGRAM & THERE I CREATE TWO FIELD ONE FOR (USER_NAME & PASSWORD).THERE SHOWING TWO ERROR (1ERROR ONE) EVEN IF YOU GIVE WRONG USER & PASSWORD THEN LOGIN SUCCESSFUL AND (2 SECOND ONE) IF YOU GIVE PASSWORD IN PASSWORD FIELD THAT   LOOK LIKE (****) MEANS ENCRYPT.
    I ALSO SEND MY CODING CAN YOU CHECK PLEASE.
    REPORT  ZLOGIN_PRO MESSAGE-ID ZBABUN.
    TABLES: ZTABLE_LOGIN.
    data: itab like table of ztable_login with header line,
                  OK TYPE SY-UCOMM.
                     CALL SCREEN 100.
    *&      Module  USER_COMMAND_0100  INPUT
          text
    MODULE USER_COMMAND_0100 INPUT.
    CASE OK.
    WHEN 'LOGIN'.
        SELECT * FROM ZTABLE_LOGIN INTO TABLE ITAB.
            SELECT * FROM ZTABLE_LOGIN INTO TABLE ITAB WHERE PASSWORD = ZTABLE_LOGIN-PASSWORD.
      SELECT USER_NAME FROM ZTABLE_LOGIN INTO ITAB-USER_NAME.
       SELECT PASSWORD FROM ZTABLE_LOGIN INTO ITAB-PASSWORD.
    LOOP AT ZTABLE_LOGIN.
      if itab-user_name ca itab-password.
           message i006.
    ELSEIF SCREEN-GROUP1 = 'ZTABLE_LOGIN-PASSWORD'.
    SCREEN-INVISIBLE = '1'.
    MODIFY ZTABLE_LOGIN.
    CONTINUE.
           call transaction 'SBWP'.
         else.
         message e020.
         CLEAR  : ZTABLE_LOGIN-USER_NAME,ZTABLE_LOGIN-PASSWORD.
       endif.
    END LOOP.
    WHEN 'LOGOUT'.
    MESSAGE I007.
    LEAVE PROGRAM.
    WHEN 'CREATE'.
      CALL TRANSACTION 'ZLOGIN_NEW_USER'.
    ENDCASE.
    ENDMODULE.                 " USER_COMMAND_0100  IN
    note: FIELD NAME OF USER_NAME = ZTABLE_LOGIN-USER_NAME
                                        PASSWORD = ZTABLE_LOGIN-PASSWORD
    PLEASE REPLY TO ME.
    I AM WAITING FOR YOUR RESULT.
    THANKS
    LAXMIKANTA.

  • How to encrypt password in Sun ONE directory server?

    Hi,
    I'm trying to perform an update to a password field in Sun ONE directory server using JNDI, but the stored password does not get encrypted by the directory server. I've searched the forum, and only found examples on how to do so for Active Directory. Please help.
    Thanks

    You didn't make mention of setting up ssl on the server side, so search these boards for openssl. Some nice person uploaded a nice example of how to use openssl to do this.
    To get the ssl certs for the solaris-client ssl authentication ( tls:simple ) to work you will need to use netscape to connect to the ssl port to get the right format. There are comments in that same doc on how to do that.

  • How to encrypt password

    hi,
    i have a problem on how to hide the password.
    everytime i type the password in the customize key entry on the selection screen for me to customize the table ZTFDIR  and if i will open the table ZAUTHORITY it is where i insert the password and the user id. if will click the content of that table... the user id and the password will appear... so there is a possibility that some of the user will know the password i created for that selection screen.... how can i hide that password on the ZAUTHORITY TABLE???
    I NEED IT ASAP...
    BRYAN

    Hi Bryan,
    You can create your own screen (not a generated selection screen) and set the attributes for that field to display asterisks only (Program tab, *entry checkfield).
    Hope this helps,
    Bert

  • How to deactivate the fields in a table control of a standard screen

    Hi,
       I have a requirement to deactivate the fields in a table control of a standard screen in ME22n transaction. I am using a BADI "ME_PROCESS_PO" and in the item method I am looping at screen for the screen field name in the table control. But it is not working. Can anyone give me a possible solution? Thanks in advance.
    With Regards,
    Ajit.

    > Vivek Joshi wrote:
    > Hello Router ,
    >                      I do not want to set the focus , I want to get focus . User can click on any cell in the table and then press a button in the toolbar . Now in the event handler of the button i want to under which column User has set the focus .
    > I hope , I am clear now .
    > Thanks for your help
    > Regards
    > Vivek
    And yet you keep getting suggestions of how to set the focus. I looked through the API documentation and I don't see anything that would suggest you can request to see where the current focus is. Perhaps someone might still come along with a solution, but my hopes wouldn't be too high at this point. I can pass the requirement on to Product Definition, as the use case does seem interesting. Perhaps it is something we have even considered in the past.
    But for now, there might be a better way to solve your problem. It will probably mean redesigning the interaction. What exactly are your requirements? Do you need to be able to get the data in a particular cell of the table when a button is clicked? Just throwing out some ideas here, but maybe just use the lead selection to select the row, but then have a button choice to choose the action associated with the column you want. A hack for sure - but it might work. Also it doesn't help you right now, but in the near future update to NetWeaver 7.0, WDA does have an onColSelect event for the table.

  • How to read the field value from Table Control

    Hello Experts,
    I am creating my first Table Control Screen. Basically I have to create a screen (102) with a table control which has 2 fields: A_QTY, B_QTY and 2 Buttons: SAVE, EXIT.
    When Clicked on 'SAVE' the data (MATNR) from a previous screen (101)  and the data (A_QTY, B_QTY) from the new screen (102) should be saved into a Z-table.
    Internal table t_data has 3 fields.
    MATNR
    A_QTY
    B_QTY.
    Table Control TC_RACK was declared like this:
    controls tc_rack type tableview using screen 0102.
    I/O Fields:
    A_QTY type ZQTY.
    B_QTY type ZQTY.
    The screen Flow Logic:
    process before output.
    module status_0102.
      loop at t_data into w_data with control tc_rack.
      endloop.
    process after input.
      module exit_0102 at exit-command.
      loop at tc_rack.
      endloop.
    module user_command_0102.
    module status_0102 output.
      set pf-status 'STATUS_102'.
      set titlebar 'TITLE_102'.
      describe table t_rack lines tc_rack-lines.
    endmodule.                 "status_0102 output
    process after input.
    module user_command_0615 input.
    case ok_code.
       when 'SAVE_RK'.
       when others.
    endcase.
    endmodule.                 "user_command_0102 input
    Now for eg, when the users enter values for A_QTY and B_QTY like this:
    A_QTY     B_QTY
    1000         2000
    3000         4000
    How can I read these values and pass them to T_DATA so that I can save it into Z-table?
    I greatly appreciate your help.
    I've gone through some previously posted threads and could not understand because my knowledge in this area is preliminary.
    Thanks a lot.
    Could you please let me know
    Edited by: dev a on Jan 13, 2010 2:46 PM

    Hi dev a
    You should use
      DATA: lv_name(30) TYPE c.
      FIELD-SYMBOLS: <QTY> type ZQTY.
    GET CURSOR FIELD lv_name.   "Get the field name in table control
    check sy-subrc = 0.
    assign  (lv_name) to <QTY>.  "Here you get the value in <QTY>
    check sy-subrc = 0.
    Also use <your table control>-current_line to get the table index you're currently on.
    Hint: Do not use GET CURSOR LINE if you want to get table index since this gives you the line relative to dialog screen
    Good luck
    Dean Q.
    Edited by: Dean Q on Jan 13, 2010 11:11 PM

  • How to make screen field enable when table control gives an error

    Hi,
        I had a scenario like when table control data is wrong then one parameter of the screen should be enabled for the input. I knew that screen-name will not work since it will always have table control fields only when table control gives an error.
    How to make the other parameter enable when table control throws an error.
    Regards,
    Jaya

    Hi Gobi,
         Thanks for your response, but issue is - how to make other screen fields enable when there was an error in the table control data.
    For table control - let's say we will use the code as I mentioned above. I am sure that we can't write the code for field enable in between loop & endloop.
    As you said, if we write outside the loop-endloop, the module won't be triggered when table control throws an error, because that statement was not there in the loop-endloop.
    please let me know if you need any more information on the issue. I hope there is alternative for this in SAP.
    Thanks
    Jaya

  • How to disable Password field in Oracle User administration

    Hi ,
    How can I personalize the password field on the user - define form to be not updatable? I have tried forms personalization on this field but it didn't work. Does anyone have an idea whether this field can be personalized at all?
    Thank you in advance !

    See if this works out for you. I tested and it is ok
    Trigger Event - WHEN-NEW-ITEM-INSTANCE
    Trigger Object - USER.USER_PASSWORD
    Processing Mode - Both
    Action Type - Property
    Object Type - Item
    Target Object - USER.USER_PASSWORD
    Property Name - ENABLED (APPLICATIONS COVER)
    Value - FALSE
    Save and close/open both forms. In Enter or Query modes, whenever the user navigates to the Password field, it is disabled and not editable.
    Hope this works as you expected. Just play around :-)
