I am looking at this newsletter: https://nextcloud.com/blog/security-in-nextcloud-12-new-authentication-mechanisms/
It talks about authentication method by “Any SQL database”, but it redirects to: https://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html with no more information.
Anyone know anything more than that?
Basically, I want to authenticate with my own SQL Database.
Should work, but you might need to implement or figure out the right password hashing type.
Hello @Krischan, thanks for your answer.
Where I have to implement my hashing type?
There are many different types already in the app to choose.
If you use a SQL DB from a common php CMS (Wordpress, Joomla, Q2A etc.) it is most likely “bcrypt”, which is called “Joomla >2.5.18 phpass” in the drop down menu from this app. Try that one first
Otherwise it might be one of the others, but those are mostly very outdated.
My hashing type is in base64.
BTW, I enable the user_sql app, but I still can loggin with NextCloud users
No idea if base64 is supported, but it shouldn’t be too hard to extend the code if you have a sample from your main application that creates those hashes.
user_sql is a suplementary login system, so that is intended behaviour. I also do not see how that is bad. Just keep one admin user for emergencies (connection to external DB can fail) and otherwise get all the users from the external DB.
Just to warn you. The
base64 is not a hashing algorithm. It is an encoding, that can be easily decoded. This can be a possible security problem.
Yes, you are right @lachmanfrantisek.
Thanks for your clarification.
What about Drupal? Afaik there’s salted SHA512 used. Could that be added?
A new release was done here (and it should come back to the app store soon):
About Drupal, no idea. Maybe have a look at the code of the other encryptions if one fits? Sadly they are not named very obviously.
I’ve tested with the most recent commit. Unluckily enough I am not able to identify the spot(s) for either adding salted SHA512 or change salted SHA256 to salted SHA512 which should do the trick in my case. Can you advise?
Just installed the user_sql app, but as we stored the user name (it is an email address) in two separated columns (the local part and the domain part) and this app only have a col_username field to set, we cannot use this app to query users.
I think it will be more fixable to have a custom sql query field for the user query.
Managed to integrate Drupal 7 password verification (read-only, i.e. excluded Password updates). I’m ready to share with people interested - of course without any warranty,
Please do a pull request on the github page, or at least make an issue there and cut&paste your code.
if you use a database, which supports views (e.g. mysql, mariadb and many others) you can use a table view in order to create a table, which contains these bothe fields in one column. Build a select statement like CREATE VIEW viewname AS SELECT CONCAT(local_part,domain_part) AS email,password FROM your_table.
The use this view as your source table. This view gets dynmically updated, when the underlying table changes.
Yes! using views, it is a very good suggestion.
Just in case someone gets here via Google, there is now also this alternative: