2008. július 17., csütörtök

How InteBase stores the passwords?


How InteBase stores the passwords?


InterBase stores all of it's user name information in a database called ISC4.gdb.
It is the "user" table that contains the "User_Name" and "Passwd" fields for each user.
To get a list of the valid user do a:
select user_name from users;

Just because a user is listed in the users table, doesn't mean that they have rights to access
any of the tables in InteBase. Access to each table is handled by sql grant and revokes and that data
is stored in the actual database not isc4.gdb.

The passwords for each user is stored in the passwd field and are encrypted.
The password is encrypted with the UNIX crypt routine (DES Salt).
That routine requires a salt which is always "9z". The resulting encrypted data
is striped of the "9z" (11 char. left) and crypted again with the same "9z" salt.
The result, once striped of the "9z" is the encrypted password as found in the ISC4.GDB database.

Nincsenek megjegyzések:

Megjegyzés küldése