After using the CREATE USER command to create a user, what command can be used to obtain the new user's password?
I don't think you can somehow return the password of any user in the NebulaGraph database. You can set the password for a user when creating it, for example CREATE USER user1 WITH PASSWORD 'nebula', or reset the password with the GOD role after the user is created, for example ALTER USER user1 WITH PASSWORD 'nebulagraph';.
Related
I'm working on a Node js project using Firebase. Currently, I store several User fields in the database under their email address. (Users > Email Address > (five different fields)). One of these fields is the user's password.
In my Reset Password workflow, I have Firebase send the User a reset password email. After the user goes through the link in that email, they successfully change their password and can now log in with their new password. My question is how can I grab that new password, and update the Users > Email Address > password field in my database right away? Currently, this field is holding the old password that doesn't have any use any longer.
I don't believe we will need this field for the project, but I want to keep it updated for now in case another member on my team needs it. Thank you
My question is how can I grab that new password, and update the Users
-> Email Address -> password field in my database right away?
By using the standard reset password email mechanism proposed by Firebase you cannot "grab" the password.
You would need to implement your own mechanism as explained in the "Create custom email action handlers" page in the doc.
As evocated by #Kiran in his comment, storing users' passwords in your Firebase DB (Firestore or the RTDB) can be dangerous: you should take care that they cannot be read by some malicious users, typically by using security rules.
It can make sense, from a specific business/admin/organisational reason, to store users' password in a Firebase DB but then you should correctly protect them.
After I establish and user and set their password, is there a way to have users reset their passwords on login? I'd like the password I set for them to be temporary.
Thanks!
When you sign up your user, make something that says that their password is temporary (such as a field in the database that's an int with either 0 or 1). When they log in, it should check the field for if the password is temporary, and if it is, then ask them for their real password and use the UPDATE statement to update their password. If it isn't, continue normally.
I can create users in Firebase using email and password.But there's now way I can change the password of that user using database. How can I get this done?
Update User Password (must be authenticated).
My client requirement for the password recovery is,
when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,
system will take the user to the change password page. User will type a new password and his password will be changed.
Any idea how to do this??
Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?
This is a kind of a "Password change process":
Create a database table with the userId, createDate, closeDate, and a UUID
send the mail with a link to your page that has the uuid from the prcoess database table
if the user enters the page you check if the process is still open (closeDate is null)
user can change password
you set the closeDate
First check the user Email IF it exists then send him/her a unique email of the link
Example:
link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()
In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.
On your Password Recovery Page Check the value of Query String variable ID
and matched the ID of the user in the database if they are equal then show the password page of the required user.
Hope you understand it.
In your link use a unique indentifier as the query string. Intercept the params on your page load event and look in the database if there is a match.
I am using active directory in my ASP.NET project and whenever user register in the site,an account is created in AD. There is an Forgot Password link.Is it possible to get user password from AD.I can get the name or email, but I don't know if I can get the password.
That is impossible. I would suggest that you do not implement 'forgot password' functionality, but rather 'reset password'. You generate a new password, reset the password in Active Directory and send the new password to the user.
EDIT: Based on the information in your comment. First of all, it is a very bad idea to use an administrator account the way you use it now, with the account name and password as part of your code. You're running an ASP.NET site, so you should configure the application pool to run with this account.
Second, you should simply create a DirectoryEntry with the correct path and reset the password. I'm not sure what your oEntry is:
var userEntry = new DirectoryEntry(
"LDAP://CN=SomeUser,OU=Users,DC=yourdomain,DC=com");
using (userEntry)
{
userEntry.Invoke("SetPassword", new object[] { "NewPassword" });
userEntry.CommitChanges();
}
It is impossible to get existing password for users from active directory since it is hashed with sid. But you can get new password that are going to set for users in AD. For that you need to register a password filter in every domain controller. Whenever password change request come to dc it will invoke registered password filter on both pre , post password change to User.
Refer link
https://msdn.microsoft.com/en-us/library/windows/desktop/ms721882(v=vs.85).aspx