Labels

Friday, June 24, 2011

Simple way to store password in database

Imagine, you want to store user password to access external NAV portal, and no one must see it.
You can, of course, set the property to PasswordText  = Yes on the form. But, what if the user press Ctrl + F8 to view fields inside the table? ...
So, let's write a little function to store protected password text.

Password - OnValidate()
Password := EncodeDecode(Password);



EncodeDecode(String : Text[30]) : Text[30]
FOR i := 1 TO STRLEN(String) DO
BEGIN
  Ch := String[i];
  Pass[i] := 255-Ch;
END;
EXIT(Pass);

So, you can use this function not only for encoding text, but also for decoding.

But, what if the user validate already encoded text value (just entered the field and pressed F2, then exited the field)? Then, he would see the the decoded password value... )
In my point of view - you can compare the value of char with the range '0'..'9' and 'A'..'z' (see your local ascii codepage) when encoding password. So, this way you can check if user tries to decode encoded password with the same function.


Password - OnValidate()
Password := Encode(Password);


Password - OnLookup()
MESSAGE(Decode(Password));


Encode(String : Text[30]) : Text[30]
FOR i := 1 TO STRLEN(String) DO
BEGIN
  Ch := String[i];
  IF (Ch < 32) OR ((Ch > 127) AND (Ch < 192)) THEN ERROR(errmsg);
  Pass[i] := 255-Ch;
END;
EXIT(Pass);


Decode(String : Text[30]) : Text[30]
FOR i := 1 TO STRLEN(String) DO
BEGIN
  Ch := String[i];
  Pass[i] := 255-Ch;
END;
EXIT(Pass);

1 comment:

Jeff Landeen said...

Have you looked into using any of the encryption techniques that are available in C#/.NET? Overtime users may catch onto your cypher.

In NAV 2009 R2 you can now access .Net objects and classes from NAV and there is a System.Security.Cryptography Namespace that provides a lot of strong encryption functionality.