I am currently using mORMot to connect to an old MSSQL database which has its own login system (table) with its own password encryption.
I made my own TAuthUser and mapped the AuthUser fields to the fields in the table.
I am running TSQLRestServerAuthenticationDefault, and fetching the user from the database is currently working. I am getting an error that the password is not valid.
Now I would like to use the method of password transmission used by TSQLRestServerAuthenticationDefault and only decode the password on the server side and check if the password is correct.
Is that a good way and is it possible at all?
Offline
How to write the password encryption procedure in the client?
And basically how to change the password system?
Which direction should I go?
Last edited by konsul41 (2022-02-11 13:14:34)
Offline
In my class
TUsers = class (TSQLAuthUser)
I have overridden
class function ComputeHashedPassword (const aPasswordPlain: RawUTF8;
const aHashSalt: RawUTF8 = ''; aHashRound: integer = 20000): RawUTF8; override;
Is this a good direction?
It worked, I logged in with the data from the table.
Offline
If it worked, it is fine.
But ensure that the connection is encrypted (using HTTPS/TLS or our encrypted WebSockets layer), otherwise it may be possible to retrieve the password over the wire.
Offline