Kbase P114540: 4GL/ABL: Is it possible to use a different form of encryption to store a password in the _User table
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
12/8/2008 |
|
Status: Verified
GOAL:
4GL/ABL: Is it possible to use a different form of encryption to store a password in the _User table?
GOAL:
Is it possible to use the _User table to further fortify the database security using another encoding method?
FACT(s) (Environment):
All Supported Operating Systems
Progress 8.x
Progress 9.x
OpenEdge 10.x
FIX:
Yes it is possible to use a different form of encryption to store a password encoded with a user define encoding algorithm other than that of the 4GL/ABL ENCODE function. However, such a fortified password encryption can not be stored in the _Password field of the _user table.
Although it is not possible to modify the functionality of the existing 4GL ENCODE function, and to store their own encoding results in the _Password field of the _user table, developers can use other encoding or encryption methodologies to store a secondary strengthened password in one or more of the _U-misc1, _U-misc2 or
_User-Misc fields.
Indeed any field of any non system database table may also be used to store additional data that may be encoded using the 4GL ENCODE method or any developer defined encryption algorithm to implement additional user authentication logic.