UserFile passwords

Yahoo Archive
1
E9 uses the Progress ABL Encode function for password storage. It's not clear what the algorithm is (which is annoying), but it emits a 16-character (I think ASCII) non-reversable hash.

To use it directly, you would have to hash your password using ABL and then compare to the stored value. But that's not feasible for many projects. It might be easier to use one of the E9 .NET client objects to just validate the login (and then continue processing through whatever code).

FWIW, Ice3 uses SHA256 and the candidate password is salted before being hashed and put on the wire.

-Erik

--- In vantage@yahoogroups.com, "Anon" <jgiese@...> wrote:
>
> what is the encryption method used on the passwords in userfile. Want to authenticate against from an external system.
>
2
what is the encryption method used on the passwords in userfile. Want to authenticate against from an external system.
3
I've never been able to get that out of anyone at Epicor. If anyone knows
I'd be curious to hear as well.

*John Driggers*
**
*Chief Data Wrangler*
*
*
*I have an Epicor blog <http://usdoingstuff.com/>. How useful is that?*
*
*:: 904.404.9233
:: waffqle@...
:: http://www.usdoingstuff.com <http://www.usdoingstuff.com/>

*

*



On Tue, Jul 31, 2012 at 2:17 PM, Anon <jgiese@...>wrote:

> **
>
>
> what is the encryption method used on the passwords in userfile. Want to
> authenticate against from an external system.
>
>
>


[Non-text portions of this message have been removed]
4
I've authenticated against it using the DLL's or Web Services.


*Jose C Gomez*
*Software Engineer*
*
*
*
*T: 904.469.1524 mobile
E: jose@...
http://www.josecgomez.com
<http://www.linkedin.com/in/josecgomez> <http://www.facebook.com/josegomez>
<http://www.google.com/profiles/jose.gomez> <http://www.twitter.com/joc85>
<http://www.josecgomez.com/professional-resume/>
<http://www.josecgomez.com/feed/>
<http://www.usdoingstuff.com>

*Quis custodiet ipsos custodes?*



On Tue, Jul 31, 2012 at 3:46 PM, John Driggers <waffqle@...> wrote:

> I've never been able to get that out of anyone at Epicor. If anyone knows
> I'd be curious to hear as well.
>
> *John Driggers*
> **
> *Chief Data Wrangler*
> *
> *
> *I have an Epicor blog <http://usdoingstuff.com/>. How useful is that?*
> *
> *:: 904.404.9233
> :: waffqle@...
> :: http://www.usdoingstuff.com <http://www.usdoingstuff.com/>
>
> *
>
> *
>
>
>
> On Tue, Jul 31, 2012 at 2:17 PM, Anon <jgiese@...
> >wrote:
>
> > **
> >
> >
> > what is the encryption method used on the passwords in userfile. Want to
> > authenticate against from an external system.
> >
> >
> >
>
>
> [Non-text portions of this message have been removed]
>
>
>
> ------------------------------------
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
> have already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/linksYahoo! Groups Links
>
>
>
>


[Non-text portions of this message have been removed]
5
Anyone want to take bets, they won't tell because it's reversible lol!

Couldn't they just use HASHTYPE or something ahhhh no it all runs through progress that's right...

--- In vantage@yahoogroups.com, John Driggers <waffqle@...> wrote:
>
> I've never been able to get that out of anyone at Epicor. If anyone knows
> I'd be curious to hear as well.
>
> *John Driggers*
> **
> *Chief Data Wrangler*
> *
> *
> *I have an Epicor blog <http://usdoingstuff.com/>. How useful is that?*
> *
> *:: 904.404.9233
> :: waffqle@...
> :: http://www.usdoingstuff.com <http://www.usdoingstuff.com/>
>
> *
>
> *
>
>
>
> On Tue, Jul 31, 2012 at 2:17 PM, Anon <jgiese@...>wrote:
>
> > **
> >
> >
> > what is the encryption method used on the passwords in userfile. Want to
> > authenticate against from an external system.
> >
> >
> >
>
>
> [Non-text portions of this message have been removed]
>
6
>
> I've authenticated against it using the DLL's or Web Services.
>

Same as Jose. Create a session object, get what you need, release it
back to the system.

Mark W.
7
I'm trying to do it from a php script, that's where I'm a bit hung

--- In vantage@yahoogroups.com, Mark Wonsil <mark_wonsil@...> wrote:
>
> >
> > I've authenticated against it using the DLL's or Web Services.
> >
>
> Same as Jose. Create a session object, get what you need, release it
> back to the system.
>
> Mark W.
>
8
You can call the webservices from PHP with the SOAP Libraries.

*Jose C Gomez*
*Software Engineer*
*
*
*
*T: 904.469.1524 mobile
E: jose@...
http://www.josecgomez.com
<http://www.linkedin.com/in/josecgomez> <http://www.facebook.com/josegomez>
<http://www.google.com/profiles/jose.gomez> <http://www.twitter.com/joc85>
<http://www.josecgomez.com/professional-resume/>
<http://www.josecgomez.com/feed/>
<http://www.usdoingstuff.com>

*Quis custodiet ipsos custodes?*



On Tue, Jul 31, 2012 at 4:28 PM, Anon <jgiese@...>wrote:

> **
>
>
> I'm trying to do it from a php script, that's where I'm a bit hung
>
>
> --- In vantage@yahoogroups.com, Mark Wonsil <mark_wonsil@...> wrote:
> >
> > >
> > > I've authenticated against it using the DLL's or Web Services.
> > >
> >
> > Same as Jose. Create a session object, get what you need, release it
> > back to the system.
> >
> > Mark W.
> >
>
>
>


[Non-text portions of this message have been removed]