10-13-2005 3:19 PM
Hellos Guys:
This is the situation, a create a table where i'll store a user id and a password. It's there a way that the field PASSWORD be encrypted? i mean, if any see the table using SE16, SE11, SE16n, etc.. will see the actual password of the created accounts.
Thanks in advance,
Carlos Lerzundy
10-13-2005 3:22 PM
10-13-2005 3:22 PM
10-13-2005 3:25 PM
Here is a sample program.
report zrich_0002.
parameters: p_pass type FIEB_ENCRYPTED_PASSWD..
data: encrypted type FIEB_ENCRYPTED_PASSWD.
data: decrypted type FIEB_ENCRYPTED_PASSWD.
call function 'FIEB_PASSWORD_ENCRYPT'
exporting
im_decrypted_password = p_pass
importing
ex_encrypted_password = encrypted.
call function 'FIEB_PASSWORD_DECRYPT'
exporting
im_encrypted_password = encrypted
importing
ex_decrypted_password = decrypted.
write:/ p_pass.
write:/ encrypted.
write:/ decrypted.
Regards,
Rich Heilman
10-13-2005 3:25 PM
10-13-2005 3:29 PM
Rich.. it seems that the FIEB_PASSWORD_DECRYPT is not working propertly, i mean, i execute your program (and test the FM in the SE37) but the encrypted data can't be decripted by that FM.
10-13-2005 3:31 PM
10-13-2005 3:32 PM
10-13-2005 3:35 PM
10-13-2005 3:35 PM
Hi Carlos,
Testing the FM with SE37 doesn't always give back the results. Are you sure that Rich's program isnn't working.
Regards,
John.
10-13-2005 3:37 PM
Yes i'm sure.. i create a report using the Rich's Code. The results are:
Password: Carlos
Encrypted: } {zyxwvutsrqponmlkjihgfedcba`_^
Decrypted:
10-13-2005 3:38 PM
10-13-2005 3:38 PM
10-13-2005 3:41 PM
Me too.. well thanks rich.. it would be the system? should i do somethin additional? Well, anyway you deserve the Problem Solved Points 😃
I continue trying to make it work.
Thanks John and Rich for your help.
Regards,
CL
10-13-2005 3:50 PM
Well, do you think that you really have to be able to decrypt it? Here is what I mean, the passwords only function would be to check that the user is allow to access something else, so if you are storing the encrypted password, do you have to check it against the decrypted version in order to check the validation.
I know, i'm confusing you.
In your program, you are throwing a screen where the user must enter a password, the are entering it as plain text, example "Carlos" when you are processing the check, encrypt it using the function module, then check the encrypted value against the encrypted value which you previously stored in the database. In my system it is always in encrypted it the same way, so you could just check the encrypted version, right? No need to ever decrypt. This way is better for security reasons anyway.
Regards,
Rich Heilman
10-13-2005 3:57 PM
You're so right! I can check the encrypted version.. i don't need to decrypted in order to compare...
Thank you so much!!
Regards from Venezuela
Carlos 😃
10-13-2005 3:58 PM