Python function to hash passwords for Ignition user database

Hi,
I'm trying to insert new users into the Ignition user database that is managed externally. I'm writing a query in a script (Python - Perspective) and now I need to enter the password, which is hashed in some way (a custom kind of algorithm, I guess). I found a topic that said I need to use the Gateway sec, but that is a Java function and I'm using Python. Is there a built-in function?


No, you're using Jython, which allows you to import Java Classes.

I don't know what you mean by "Gateway sec".

Here is the topic I found -> Hash algorithm for storing password in internal DB. Can you tell me how to import the class, with a quick example or so?

If you read that whole topic you will find that it isn't applicable to user databases. I'm not sure what is, actually, but it isn't that.

You'll probably need to implement something like bcrypt, scrypt, or pbkdf2 for a properly salted and hashed password so that it's properly and securely stored, otherwise, just hashing is easier to crack/attack since there's no salting involved. I may have some example code I've used previously in my office when I get there that I can share (I just don't recall if it was in Ignition that I used it or if it was for a PHP project for a website I did).

Just some extra info: salting adds randomness to the hashing by essentially appending/prepending a random salt string to the password. This salt is stored as part of the hash in essentially plain text, but it prevents 2 users with the same password from having matching hashes. This also prevents hackers from using rainbow/lookup tables that have known password/hash combinations, since the salt is unique every time the password is stored/changed; even if the password is the same as before, the stored hash will be different.

None of my clients use a database user source, so I haven't poked at it myself. I'm curious what salting/hashing method IA uses in Automatic mode. (Obviously, manual mode is entirely up to the user.)

In automatic mode it's SHA1 (base64 encoded, no salt), in expert/manual mode it's controlled externally, but must be something you can manage in an auth query.

External user DBs are old and crusty.

1 Like

If I encode to SHA1 or base64, I get a totally different output than the rest of the accounts, which have (for now) the same password

  • When I create a user using the gateway: try1234 -> QMbmrtPC9+Pdel+OnaUaTq+m04A=
  • Python using base64: try1234 -> RkBicmljb20wMQ==

Is this a DB automatic user profile? What does your code to SHA1+base64 look like?

Here are the settings of the configuration I made, it is in automatic mode


Please use formatted text blocks instead of screenshots.

It doesn't look like any of your attempts are doing both sha1 followed by base64 encode.
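The combination described in the replies above (SHA-1 digest, then base64 of the raw digest bytes), as an added example that is not part of the original thread and not Ignition's own code. The function names are hypothetical and the UTF-8 charset is an assumption; the last function shows the consequence of the missing salt that was raised earlier in the thread.

```python
import base64
import hashlib


def ignition_auto_hash(password, charset="utf-8"):
    """SHA-1 the password, then base64-encode the raw 20-byte digest.

    Follows the thread's description of automatic mode (SHA1, base64, no salt).
    The charset is an assumption; the thread does not state one.
    """
    digest = hashlib.sha1(password.encode(charset)).digest()  # raw bytes, not hex
    return base64.b64encode(digest).decode("ascii")


def near_misses(password):
    """Encodings that look plausible but skip or garble one of the two steps."""
    raw = password.encode("utf-8")
    hex_digest = hashlib.sha1(raw).hexdigest()
    return {
        "base64_only": base64.b64encode(raw).decode("ascii"),  # reversible, no hash
        "sha1_hex": hex_digest,
        "base64_of_hex": base64.b64encode(hex_digest.encode("ascii")).decode("ascii"),
    }


def shared_hashes(users):
    """Group usernames by stored hash: with no salt, equal passwords collide."""
    groups = {}
    for name, password in users.items():
        groups.setdefault(ignition_auto_hash(password), []).append(name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample accounts; compare the first output with a row
    # created by the gateway before relying on it.
    sample = {"alice": "try1234", "bob": "try1234", "carol": "another-pass"}
    print(ignition_auto_hash("try1234"))
    for label, value in near_misses("try1234").items():
        print(label, value)
    print(shared_hashes(sample))
```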

Yes, got it. I didn't understand you have to combine both, sorry... thanks a lot!