Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Integrating User Authentication

3 posts in General Discussion Last posting was on 2006-07-14 03:57:42.0Z
Cameron Taggart Posted on 2006-07-13 19:56:44.0Z
From: Cameron Taggart <cameron.taggart@gmail.com>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Integrating User Authentication
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: a-129-196-228-75.ext.fluke.com
Message-ID: <44b6a3f4$1@forums-2-dub>
X-Original-Trace: 13 Jul 2006 12:50:12 -0700, a-129-196-228-75.ext.fluke.com
Lines: 15
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 13 Jul 2006 12:50:14 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 13 Jul 2006 12:56:44 -0700
X-Trace: forums-1-dub 1152820604 10.22.108.75 (13 Jul 2006 12:56:44 -0700)
X-Original-Trace: 13 Jul 2006 12:56:44 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5509
Article PK: 1548

I'm trying to integrate user authentication from a Java web application with iAnywhere 8. The users and passwords are
already in the database. To check passwords, I currently try establishing a connection with the username and password.
This works, but establishing connections is slow. To improve performance, it would be nice to execute a prepared
statement something like:

select 1 from sysuserperm where user_name = ? and password = hash( ? )

From what I found on the Internet, there is a hash function in iAnywhere 9 and above. That doesn't help me. I assume
the value in the password column is a one-way hash. Is it a standard one-way hash or it completely proprietary? I do
not know of any one way hashes that have 288 bit (36 byte) digests. At least there aren't any listed in The Hashing
Function Lounge: http://paginas.terra.com.br/informatica/paulobarreto/hflounge.html

If the hash algorithm is proprietary, how come?

Cameron


Reg Domaratzki (iAnywhere Solutions) Posted on 2006-07-13 20:29:04.0Z
From: "Reg Domaratzki \(iAnywhere Solutions\)" <FirstName.LastName@ianywhere.com>
Newsgroups: ianywhere.public.general
References: <44b6a3f4$1@forums-2-dub>
Subject: Re: Integrating User Authentication
Lines: 39
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Response
X-Original-NNTP-Posting-Host: rdomarat-xp.sybase.com
Message-ID: <44b6ab89$1@forums-2-dub>
X-Original-Trace: 13 Jul 2006 13:22:33 -0700, rdomarat-xp.sybase.com
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 13 Jul 2006 13:22:34 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 13 Jul 2006 13:29:04 -0700
X-Trace: forums-1-dub 1152822544 10.22.108.75 (13 Jul 2006 13:29:04 -0700)
X-Original-Trace: 13 Jul 2006 13:29:04 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5510
Article PK: 1549

Yes, it's a one-way hash, but we don't go out of way to tell anyone what it
is, so it might be standard or it might be proprietary.

--
Reg Domaratzki, Sybase iAnywhere Solutions
Sybase Certified Professional - Sybase ASA Developer Version 8
Please reply only to the newsgroup

iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swd/base.do
-> Choose SQL Anywhere Studio
-> Set filter to "Display ALL platforms IN ALL MONTHS"

"Cameron Taggart" <cameron.taggart@gmail.com> wrote in message
news:44b6a3f4$1@forums-2-dub...
> I'm trying to integrate user authentication from a Java web application
> with iAnywhere 8. The users and passwords are already in the database.
> To check passwords, I currently try establishing a connection with the
> username and password. This works, but establishing connections is slow.
> To improve performance, it would be nice to execute a prepared statement
> something like:
>
> select 1 from sysuserperm where user_name = ? and password = hash( ? )
>
> From what I found on the Internet, there is a hash function in iAnywhere 9
> and above. That doesn't help me. I assume the value in the password
> column is a one-way hash. Is it a standard one-way hash or it completely
> proprietary? I do not know of any one way hashes that have 288 bit (36
> byte) digests. At least there aren't any listed in The Hashing Function
> Lounge:
> http://paginas.terra.com.br/informatica/paulobarreto/hflounge.html
>
> If the hash algorithm is proprietary, how come?
>
> Cameron


Greg Fenton Posted on 2006-07-14 03:57:42.0Z
From: Greg Fenton <greg.fenton_nospam_@googles-mail-site.com>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Re: Integrating User Authentication
References: <44b6a3f4$1@forums-2-dub>
In-Reply-To: <44b6a3f4$1@forums-2-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: cpe00096b10fe8a-cm000f212f9e50.cpe.net.cable.rogers.com
Message-ID: <44b714a9$1@forums-2-dub>
X-Original-Trace: 13 Jul 2006 20:51:05 -0700, cpe00096b10fe8a-cm000f212f9e50.cpe.net.cable.rogers.com
Lines: 18
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 13 Jul 2006 20:51:08 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 13 Jul 2006 20:57:42 -0700
X-Trace: forums-1-dub 1152849462 10.22.108.75 (13 Jul 2006 20:57:42 -0700)
X-Original-Trace: 13 Jul 2006 20:57:42 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5512
Article PK: 1551


Cameron Taggart wrote:
> I'm trying to integrate user authentication from a Java web application
> with iAnywhere 8. The users and passwords are already in the database.
> To check passwords, I currently try establishing a connection with the
> username and password. This works, but establishing connections is
> slow. To improve performance, it would be nice to execute a prepared
> statement something like:

Web applications typically establish one dedicated user for connections
to the database and implement users/passwords in their own user tables.
They don't typically use database users/passwords for just the reason
you have run into: logging into the database is an expensive (i.e. takes
time) operation.

g.f
--
Greg Fenton
Some Random Dude