问题
My application currently is using the firebird security to logon for any user of my application.
We are using Delphi7 and Firebird 2.1.
Now we need to change this and we need to control de access by ourself.
We are thinking about retrieve all users passwords from the database (as a conversion routine) and save the password inside our tables....
Is possible to do this?
I'm trying to use the delphi component TIBSecurityService, but without success.
Take a look:
var
i: integer;
l: TStrings;
pwd: string;
begin
IBSecurityService1.Attach;
IBSecurityService1.DisplayUsers;
l := TStringList.Create;
try
for i := 0 to IBSecurityService1.UserInfoCount-1 do
l.add(IBSecurityService1.UserInfo[i].UserName);
while l.Count > 0 do
try
IBSecurityService1.DisplayUser(l[0]);
pwd := IBSecurityService1.Password;
// pwd = ''
finally
l.Delete(0);
end;
finally
l.Free;
end;
end;
Thanks for help!
回答1:
Passwords in Firebird are hashed, so you cannot recover them.
回答2:
As far as I know TIBSecurityService is for Interbase 6 (see its entry on Embarcadero's wiki). I am not sure if that component still works for Firebird 2.1, since the original Firebird was a fork of that version.
Said this, you can not retrieve the original password. Passwords in Firebird are encrypted using a one-way encryption algorithm as stated in the Firebird FAQ. So if that was what you intended then it will not work.
What you could try to do is upgrade the security2.FDB database which holds the users information. You can do that by making a backup of that database on the old Firebird server, and restore it on the new Firebird server. Check this link for the steps to follow.
HTH
回答3:
In any decent application the passwords are not stored encrypted or in plain text.
They are stored by computing the hash of the password . Hasing should be not reversible thoug there are several weak hashing algorithms, I doubt the recovery is possible without a gross hack.
来源:https://stackoverflow.com/questions/12953989/retrieve-firebird-users-passwords