Re: How to encrypt password in DatabaseAuthenticatorAction??

2003-01-17 Thread Marcelo F. Ochoa
Sternath Elmar wrote:


Hello,

I use DatabaseAuthenticatorAction and Update/AddDatabaseAction for my login/user administration procedure. All user info including password is stored as clear text in the database. Is there any solution for password encryption in this context?


If you are using Oracle, you could use the database package
DBMS_OBFUSCATION_TOOLKIT
(http://otn.oracle.com/docs/products/oracle9i/doc_library/release2/appdev.920/a96612/d_obtool.htm#6518).
It can encrypt/decrypt passwords with the same algorithm as the database.



Mit freundlichen Grüßen/ Best regards
Elmar Sternath

 

Best regards, Marcelo.

--
Marcelo F. Ochoa - [EMAIL PROTECTED]
Do you Know DB Prism? Look @ http://www.dbprism.com.ar/dbprism/doc/Home.html
More info?
Chapter 21 of the book "Professional XML Databases" (Wrox Press 
http://www.wrox.com/)
Chapter 8 of the book "Oracle & Open Source" (O'Reilly 
http://www.oreilly.com/catalog/oracleopen/)
---
Lab. de Sistemas - Fac. de Cs. Exactas - UNICEN
Paraje Arroyo Seco - Campus Universitario
(7000) Tandil - Bs. AS. - Argentina
Te: +54-2293-30 Fax: +54-2293-31




-
Please check that your question  has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>



Re: How to encrypt password in DatabaseAuthenticatorAction??

2003-01-17 Thread Christian Haul
On 17.Jan.2003 -- 11:25 AM, Sternath Elmar wrote:
> Hello,
> 
> I use DatabaseAuthenticatorAction and Update/AddDatabaseAction for
> my login/user administration procedure. All user info including
> password is stored as clear text in the database. Is there any
> solution for password encryption in this context?

Yes -- you could use the actions from the modular package and pipe
your pw through the DigestMetaInputModule. There is no authenticator
action but the select action should provide similar enough
functionality.

Chris.
-- 
C h r i s t i a n   H a u l
[EMAIL PROTECTED]
fingerprint: 99B0 1D9D 7919 644A 4837  7D73 FEF9 6856 335A 9E08





Re: How to encrypt password in DatabaseAuthenticatorAction??

2003-01-17 Thread Murad Jura
Hello,

In my point of view the easiest way is to not store real passwords but
their digests (for example MD5 or SHA).

Murad Jura.

Sternath Elmar wrote:
Hello,

I use DatabaseAuthenticatorAction and Update/AddDatabaseAction for my login/user administration procedure. All user info including password is stored as clear text in the database. Is there any solution for password encryption in this context?


Mit freundlichen Grüßen/ Best regards
Elmar Sternath

Siemens AG
Information and Communication Networks
ICN IT CA EB 2 - Web Applications
Mch H/Me19 - 99801-231a

Meglinger Straße 19 (99801-231a) D-84577 München
Tel.:   +49(89)722-24045
Mobil: +49(0)160-5860351
Fax.:  +49(89)722-53384
EMail: [EMAIL PROTECTED]





How to encrypt password in DatabaseAuthenticatorAction??

2003-01-17 Thread Sternath Elmar
Hello,

I use DatabaseAuthenticatorAction and Update/AddDatabaseAction for my login/user 
administration procedure. All user info including password is stored as clear text in 
the database. Is there any solution for password encryption in this context?


Mit freundlichen Grüßen/ Best regards
Elmar Sternath

Siemens AG
Information and Communication Networks
ICN IT CA EB 2 - Web Applications
Mch H/Me19 - 99801-231a

Meglinger Straße 19 (99801-231a) D-84577 München
Tel.:   +49(89)722-24045
Mobil: +49(0)160-5860351
Fax.:  +49(89)722-53384
EMail: [EMAIL PROTECTED]



DatabaseAuthenticatorAction usage

2002-10-20 Thread aps olute
I am trying to get this article by Lajos and can not get it to work. The
section on using DatabaseAuthenticatorAction. How to display what has
been entered on the form after submit so I can debug?  Mysql has the Users
table with user_name and user_password columns both varchar(5), and  john1 as
username and john1 as password. I entered this on the form, hit submit and the
logon.html is redisplayed again as if the userid has not been set, see below
in the log. Any help would be appreciated.

http://www.javaworld.com/javaworld/jw-09-2002/jw-0920-cocoon-p3.html

auth-info.xml:




 myown
 
  
  
 


login.html:


 Login page for Cocoon. 

 Please Enter the following information:


 Userid 


 Password 






on the access.log I see this, and I think the login.html is processed but not
setting userid?

DEBUG   (2002-10-20) 10:01.26:311   [access] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/AbstractEnvironment: Reset context to file:/u01/c2build/cocoon-2.0.3/cocoon/
INFO(2002-10-20) 10:01.26:312   [access] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/CocoonServlet: 'protected/auth-info.xml' Processed by Apache Cocoon 2.0.3 in 15 milliseconds.
DEBUG   (2002-10-20) 10:01.26:320   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment: Changing Cocoon context
DEBUG   (2002-10-20) 10:01.26:320   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment:   from context(file:/u01/c2build/cocoon-2.0.3/cocoon/) and prefix()
DEBUG   (2002-10-20) 10:01.26:320   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment:   to context(sitemap.xmap) and prefix()
DEBUG   (2002-10-20) 10:01.26:321   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment:   at URI protected/login.html
DEBUG   (2002-10-20) 10:01.26:321   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment: New context is file:/u01/c2build/cocoon-2.0.3/cocoon/
DEBUG   (2002-10-20) 10:01.26:323   [access] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractEnvironment: Resolving 'secret/login.html' in context 'file:/u01/c2build/cocoon-2.0.3/cocoon/'


More clues from sitemap.log:


DEBUG   (2002-10-20) 10:01.16:790   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Source= secret/login.html
DEBUG   (2002-10-20) 10:01.16:790   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Mime-type= text/html
DEBUG   (2002-10-20) 10:01.26:308   [sitemap] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/sitemap_xmap: Matched wildcard pattern protected/*
DEBUG   (2002-10-20) 10:01.26:308   [sitemap] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/AbstractSitemap:
Current Sitemap Parameters:
PARAM: '1' VALUE: 'auth-info.xml'
PARAM: '0' VALUE: 'protected/auth-info.xml'

DEBUG   (2002-10-20) 10:01.26:309   [sitemap.matcher.sessionstate] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/WildcardSessionAttributeMatcher: Session attribute 'userid' not set.
DEBUG   (2002-10-20) 10:01.26:309   [sitemap] (/cocoon/protected/auth-info.xml) HttpProcessor[8069][0]/sitemap_xmap: Sitemap: session='false', redirecting to login.html
DEBUG   (2002-10-20) 10:01.26:322   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Matched wildcard pattern protected/login.html
DEBUG   (2002-10-20) 10:01.26:322   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/AbstractSitemap:
Current Sitemap Parameters:
PARAM: '0' VALUE: 'protected/login.html'

DEBUG   (2002-10-20) 10:01.26:322   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Component reader:resource(Parameters.EMPTY_PARAMETERS)
DEBUG   (2002-10-20) 10:01.26:322   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Source= secret/login.html
DEBUG   (2002-10-20) 10:01.26:323   [sitemap] (/cocoon/protected/login.html) HttpProcessor[8069][0]/sitemap_xmap: Mime-type= text/html







Re: DatabaseAuthenticatorAction

2002-07-01 Thread Michael Mangeng

Hi

You can use both the formval and the dbauth action. If you get no error from
the formvalidator action but null from the dbauth action, the supplied
username and password are invalid.

greetings
mike

- Original Message -
From: "Chris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 01, 2002 10:59 AM
Subject: DatabaseAuthenticatorAction


> Hi guys
>
> A question about the DatabaseAuthenticatorAction action. It works and all so
> I'm not worried about configuring anything. It's more to do with getting
> error messages back from it.
>
> If I use the FormValidatorAction then I can parse the feedback in XSP using
> the form-validator logicsheet. Is there any similar way of parsing the
> feedback if I use the DatabaseAuthenticatorAction?
>
> It's all very well telling a user that a required field is null but I want
> to tell that same user that the username/password combination is invalid.
>
> TIA.
>
> Chris




DatabaseAuthenticatorAction

2002-07-01 Thread Chris

Hi guys

A question about the DatabaseAuthenticatorAction action. It works and all so
I'm not worried about configuring anything. It's more to do with getting
error messages back from it.

If I use the FormValidatorAction then I can parse the feedback in XSP using
the form-validator logicsheet. Is there any similar way of parsing the
feedback if I use the DatabaseAuthenticatorAction?

It's all very well telling a user that a required field is null but I want
to tell that same user that the username/password combination is invalid.

TIA.

Chris







DatabaseAuthenticatorAction - preventing concurrent user logins...?

2002-01-06 Thread David Armstrong

Hi,

I am using Cocoon 2, with a DatabaseAuthenticatorAction to validate user
logins.  What I need to be able to do though is limit each user to only
being logged in once, and also limit the total number of logged in users
at any one time, to some limit (say 20).

Does anyone have any bright ideas of how I might go about enforcing
this?

I had thought about having a "logged in" boolean in the users table in
the database, and add an extra rule such that a user can't log in if
this is already set... but that raises the question of what to do for
someone not logging out properly/their web browser crashing, and then
gets into a whole rat's nest of timeouts and forced logouts...

One other idea I had was for the web pages to have a small applet which
communicates back with the web server, acting as some kind of
heartbeat.  Something on the server end then needs to update the users
table with the last heartbeat time.  This though is really a last resort
option, as it means introducing frames just so the applet remains
across the whole site, and as the number of logged in users increases,
the extra network traffic just gets silly.

Any suggestions/ideas/examples are appreciated,
cheers,
David.



-
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
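
One way to enforce the two limits described above without a persistent "logged in" flag, as an added example (plain Java, not Cocoon code and not from the poster). In place of the applet heartbeat it uses the time of the user's last request, so a crashed browser simply ages out; the class and method names and the 30-minute timeout are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added example (hypothetical class): one live login per user and a capped total,
// with stale entries expiring after an idle timeout.
public class LoginRegistry {
    private final int maxUsers;
    private final long idleTimeoutMillis;
    private final Map<String, Long> lastSeen = new HashMap<>(); // userid -> last request time

    public LoginRegistry(int maxUsers, long idleTimeoutMillis) {
        this.maxUsers = maxUsers;
        this.idleTimeoutMillis = idleTimeoutMillis;
    }

    // Drop users whose last request is older than the timeout (crashed browser, no logout).
    private void expire(long now) {
        lastSeen.values().removeIf(t -> now - t > idleTimeoutMillis);
    }

    // Call after the password check succeeds; false means the login is refused.
    public synchronized boolean tryLogin(String userId, long now) {
        expire(now);
        if (lastSeen.containsKey(userId) || lastSeen.size() >= maxUsers) return false;
        lastSeen.put(userId, now);
        return true;
    }

    // Call on every authenticated request: the request itself acts as the heartbeat.
    public synchronized boolean touch(String userId, long now) {
        expire(now);
        return lastSeen.replace(userId, now) != null; // false: entry expired, log in again
    }

    public synchronized void logout(String userId) {
        lastSeen.remove(userId);
    }

    public static void main(String[] args) {
        LoginRegistry reg = new LoginRegistry(20, 30 * 60 * 1000L); // 20 users, 30 min idle
        long t0 = System.currentTimeMillis();
        System.out.println("first login: " + reg.tryLogin("john1", t0));
        System.out.println("second login while active: " + reg.tryLogin("john1", t0 + 60_000L));
        System.out.println("login after idle timeout: " + reg.tryLogin("john1", t0 + 31 * 60_000L));
    }
}
```

In a servlet container, HttpSessionListener.sessionDestroyed can call logout() so the registry follows the container's own session timeout.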