This discussion is archived
12 Replies Latest reply: Mar 21, 2013 7:45 AM by HamidHelal RSS

Autentification interface

982158 Newbie
Currently Being Moderated
Hi,
I want to create authentification interface contains two items and 1button.
I started by creating table "Autentification" which contains 2 columns.

when-button pressed trigger:
declare
nb number;
begin
select count(*)into nb from authetification where pass=:auth.pass and user_name=:auth.user_name;

if nb<>0 then
call_form('...');
else
message('pass or user is false');
end if;
end;

How I can to manage the "logout" for the user ?

I need your opinion for my code and all ...

Edited by: 979155 on 20 mars 2013 17:21
  • 1. Re: Autentification interface
    HamidHelal Guru
    Currently Being Moderated
    979155 wrote:
    Hi,
    I want to create authentification interface contains two items and 1button.
    I started by creating table "Autentification" which contains 2 columns.

    when-button pressed trigger:
    declare
    v1,v2 varchar2(10);
    begin
    select user_name into v1,pass into v2 from authetification where pass=:auth.pass

    if v1 != NULL and v2 != NULL then
    call_form('...');
    else
    message('pass or user is false');
    end if;
    end;

    How I can to manage the "logout" for the user ?
    What do you mean by logout ? exit from the application or re open the login screen.. ?
    If re-open the login screen, try
    exit_form;
    open_form('login_form');
    Hope this helps

    Hamid
  • 2. Re: Autentification interface
    982158 Newbie
    Currently Being Moderated
    exit from the application ,and return to the authentication interface
  • 3. Re: Autentification interface
    HamidHelal Guru
    Currently Being Moderated
    979155 wrote:
    exit from the application ,and return to the authentication interface
    exit_form;
    New_form ('login_form');
    Hope it works..

    Hamid
  • 4. Re: Autentification interface
    982158 Newbie
    Currently Being Moderated
    is that preferably create users using create user ... or create a table like I did?
  • 5. Re: Autentification interface
    HamidHelal Guru
    Currently Being Moderated
    979155 wrote:
    is that preferably create users using create user ... or create a table like I did?
    Simple is...
    Create A TABLE with few column like. user_name,user_password,user_first_name,user_last_name.
    base on the table create a form and enter user information.
    when login check the user entered data with the table and authentication.

    Hope this helps..


    Hamid
  • 6. Re: Autentification interface
    982158 Newbie
    Currently Being Moderated
    I want the system manages the creation of passwords ,have you any suggestions ?
  • 7. Re: Autentification interface
    XeM Newbie
    Currently Being Moderated
    Hi ,

    Meth: 1
    On the block for "authentication" table create a pre-insert trigger and add this code
    if :authentication.txt_password is null then
         select round(dbms_random.value(222222,999999)) into :authentication.txt_password from dual; 
    
    end if;
    change these properties of txt_password
    Insert Allowed No
    Update Allowed No
    This will auto generate a six digit random number ranging from 222222 to 999999 you can embed random alphabets also
    if you want do so just google this function dbms_random.value.

    Meth: 2

    You can use the same logic in a trigger before insert on each row on table authentication if you dont want to create users by a form
  • 8. Re: Autentification interface
    982158 Newbie
    Currently Being Moderated
    in this case I can use "pass_words" as a primary key?
  • 9. Re: Autentification interface
    Christian Erlinger Guru
    Currently Being Moderated
    in this case I can use "pass_words" as a primary key?
    If the resulting index can be created (http://ora-01404.ora-code.com/) you could, but why would you do that? The key is the username, not the password. Also it seems that you are storing the passwords in plain text in your table which in itself is a very bad idea.

    Better store hashes of passwords you can do this with dbms_crypto:
    http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm#i1002022

    Maybe also add a secret salt so you are not prone to attacks over rainbow tables:
    http://en.wikipedia.org/wiki/Rainbow_tables#Defense_against_rainbow_tables
    http://en.wikipedia.org/wiki/Salt_%28cryptography%29

    instead numbers you can generate strings with dbms_random as well:
    http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_random.htm#i996825

    cheers
  • 10. Re: Autentification interface
    HamidHelal Guru
    Currently Being Moderated
    979155 wrote:
    in this case I can use "pass_words" as a primary key?
    Hi,
    Simple is better. Think you are not developing a public application where any one can create user name and password will auto generate and mail to the newly registered user.
    Better
    create user name and password manually and inform the user what is, his password and user name.

    and to your question password should not be primary key. User name should be.

    Hope this helps

    Hamid
  • 11. Re: Autentification interface
    982158 Newbie
    Currently Being Moderated
    Thank you all

    Edited by: 979155 on 21 mars 2013 07:42
  • 12. Re: Autentification interface
    HamidHelal Guru
    Currently Being Moderated
    979155 wrote:
    Can I use user_name as primary key because it is already used by another table as a primary key
    yes. you can.. also i want to store password as encrypted.. as christian says..

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points