Password Reset

system · October 22, 2003, 9:10pm

Though it a very old question, how to reset the password (not knowing the old password) without using Supervisor?

I saw few threads discussing about this, and tools doing this stuff. Want to know how they are doing? Is it by using SDK? Or direct repository update using SQL? Does BO support if repository is updated using direct SQL?

Thanks for your inputs.

ramanas (BOB member since 2003-08-12)

system · October 22, 2003, 9:14pm

Yes, if you do a search on BOB you should be able to find the SQL code.

No, ususally you will void any support from BO if you choose to directly manipulate the BO Repository.

Andreas (BOB member since 2002-06-20)

system · October 22, 2003, 9:17pm

Andreas,

So you mean to say, people who use third party tools or any password reset tools, don’t take product support from BO?

I got the SQL, but wondering is it the only way to do. BO should have provide in their object model

ramanas (BOB member since 2003-08-12)

system · October 22, 2003, 9:20pm

That would be a massive security breach. 8) The password is encrypted with a hashing algorithm. Somewhere in the code is the “key” to that hash. Without that key, the could not decrypt the password. And I know that they are decrypting the password because you can snag it from the Supervisor screens with proper software.

But to make the password encryption available via the SDK would, in my opinion, present a security problem. So I believe that it is a good thing that you can’t fix a password problem via that route.

That is, BTW, why they nag you about creating a back-up general supervisor. Just for this very reason.

Dave Rathbun (BOB member since 2002-06-06)

system · October 22, 2003, 9:21pm

Check the Designer FAQ. I think it is in there.

Cindy Clayton (BOB member since 2002-06-11)

system · October 22, 2003, 9:25pm

?? I really didn’t get. Can you be more elaborate please.

ramanas (BOB member since 2003-08-12)

system · October 22, 2003, 9:28pm

I mean the Supervisor FAQ. It is here.

[Edit] More specifically, here [/Edit]

Cindy Clayton (BOB member since 2002-06-11)

system · October 23, 2003, 2:54am

Dave ,

I think they used it in the ChangePassword method of the SDK. might be for Session Class.

ramanas (BOB member since 2003-08-12)

system · October 23, 2003, 3:40am

Yeah but one need to know the Old Password to set a New Password.

Sri

Sridharan (BOB member since 2002-11-08)

system · October 24, 2003, 6:22pm

You can null out the password (via SQL) and then set a new one using whatever method you decide to use. Any direct manipulation of the repository (or direct access to the repository for that matter) can really be considered a security breach as well.

If you REALLY need to know how BO encrypts, I believe they are using DEC5 encryption. Probably doesn’t help a whole lot, but there it is.

-RM

digpen (BOB member since 2002-08-15)