12 Replies Latest reply: Mar 21, 2013 9:45 AM by HamidHelal RSS

    Autentification interface

    982158
      Hi,
      I want to create authentification interface contains two items and 1button.
      I started by creating table "Autentification" which contains 2 columns.

      when-button pressed trigger:
      declare
      nb number;
      begin
      select count(*)into nb from authetification where pass=:auth.pass and user_name=:auth.user_name;

      if nb<>0 then
      call_form('...');
      else
      message('pass or user is false');
      end if;
      end;

      How I can to manage the "logout" for the user ?

      I need your opinion for my code and all ...

      Edited by: 979155 on 20 mars 2013 17:21
        • 1. Re: Autentification interface
          HamidHelal
          979155 wrote:
          Hi,
          I want to create authentification interface contains two items and 1button.
          I started by creating table "Autentification" which contains 2 columns.

          when-button pressed trigger:
          declare
          v1,v2 varchar2(10);
          begin
          select user_name into v1,pass into v2 from authetification where pass=:auth.pass

          if v1 != NULL and v2 != NULL then
          call_form('...');
          else
          message('pass or user is false');
          end if;
          end;

          How I can to manage the "logout" for the user ?
          What do you mean by logout ? exit from the application or re open the login screen.. ?
          If re-open the login screen, try
          exit_form;
          open_form('login_form');
          Hope this helps

          Hamid
          • 2. Re: Autentification interface
            982158
            exit from the application ,and return to the authentication interface
            • 3. Re: Autentification interface
              HamidHelal
              979155 wrote:
              exit from the application ,and return to the authentication interface
              exit_form;
              New_form ('login_form');
              Hope it works..

              Hamid
              • 4. Re: Autentification interface
                982158
                is that preferably create users using create user ... or create a table like I did?
                • 5. Re: Autentification interface
                  HamidHelal
                  979155 wrote:
                  is that preferably create users using create user ... or create a table like I did?
                  Simple is...
                  Create A TABLE with few column like. user_name,user_password,user_first_name,user_last_name.
                  base on the table create a form and enter user information.
                  when login check the user entered data with the table and authentication.

                  Hope this helps..


                  Hamid
                  • 6. Re: Autentification interface
                    982158
                    I want the system manages the creation of passwords ,have you any suggestions ?
                    • 7. Re: Autentification interface
                      XeM
                      Hi ,

                      Meth: 1
                      On the block for "authentication" table create a pre-insert trigger and add this code
                      if :authentication.txt_password is null then
                           select round(dbms_random.value(222222,999999)) into :authentication.txt_password from dual; 
                      
                      end if;
                      change these properties of txt_password
                      Insert Allowed No
                      Update Allowed No
                      This will auto generate a six digit random number ranging from 222222 to 999999 you can embed random alphabets also
                      if you want do so just google this function dbms_random.value.

                      Meth: 2

                      You can use the same logic in a trigger before insert on each row on table authentication if you dont want to create users by a form
                      • 8. Re: Autentification interface
                        982158
                        in this case I can use "pass_words" as a primary key?
                        • 9. Re: Autentification interface
                          Christian Erlinger
                          in this case I can use "pass_words" as a primary key?
                          If the resulting index can be created (http://ora-01404.ora-code.com/) you could, but why would you do that? The key is the username, not the password. Also it seems that you are storing the passwords in plain text in your table which in itself is a very bad idea.

                          Better store hashes of passwords you can do this with dbms_crypto:
                          http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm#i1002022

                          Maybe also add a secret salt so you are not prone to attacks over rainbow tables:
                          http://en.wikipedia.org/wiki/Rainbow_tables#Defense_against_rainbow_tables
                          http://en.wikipedia.org/wiki/Salt_%28cryptography%29

                          instead numbers you can generate strings with dbms_random as well:
                          http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_random.htm#i996825

                          cheers
                          • 10. Re: Autentification interface
                            HamidHelal
                            979155 wrote:
                            in this case I can use "pass_words" as a primary key?
                            Hi,
                            Simple is better. Think you are not developing a public application where any one can create user name and password will auto generate and mail to the newly registered user.
                            Better
                            create user name and password manually and inform the user what is, his password and user name.

                            and to your question password should not be primary key. User name should be.

                            Hope this helps

                            Hamid
                            • 11. Re: Autentification interface
                              982158
                              Thank you all

                              Edited by: 979155 on 21 mars 2013 07:42
                              • 12. Re: Autentification interface
                                HamidHelal
                                979155 wrote:
                                Can I use user_name as primary key because it is already used by another table as a primary key
                                yes. you can.. also i want to store password as encrypted.. as christian says..