• Post Reply Bookmark Topic Watch Topic
  • New Topic

Using Java and MariaDB  RSS feed

 
Abigail Rosemond
Greenhorn
Posts: 13
Android Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Side Note: I have a question similar to this one posted here: https://coderanch.com/t/671563/Understanding-Thunderbird-Master-Password. I would kindly ask the admins to remove it. I re-wrote it to fit the general forum, as I wasn't getting any answers in the other forum.

Let's say I have a Java application with MariaDB at the back end for storage. Like Thunderbird, I want to store user passwords, and set a master password. My question is, what exactly is Thunderbird doing when I say set master password? Is it doing something along the lines of this:



Is it setting the root password of the database file using the Thunderbird interface? or something else entirely?
When I set a master password, I won't be able to query the database correct? I would have to know the master password before I do any type of interaction?
 
Mat Falk
Greenhorn
Posts: 8
1
Netscape Notepad Windows Vista
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not sure, what Thunderbird uses, but it should be similar to what Firefox does.

When you look at %APPDATA%\Mozilla\Firefox\Profiles\profilename
you will see among other things some sqlite files, some db files and some json files.

The passwords for the pages are saved in logins.json. The decryption will be probably done by some key like when using PGP but I don't know if it uses the windows authentification system or a key file.
It would feel a bit strange to me if it just changed the root password for a local database file. The data should be encrypted instead.

If you want to manage user authentification or passwords with MariaDB you will probably want to store and use authentification data (salt + password hash) in your own table instead of letting the database connection table handle the security.
 
Abigail Rosemond
Greenhorn
Posts: 13
Android Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mat Falk wrote:I am not sure, what Thunderbird uses, but it should be similar to what Firefox does.

When you look at %APPDATA%\Mozilla\Firefox\Profiles\profilename
you will see among other things some sqlite files, some db files and some json files.

The passwords for the pages are saved in logins.json. The decryption will be probably done by some key like when using PGP but I don't know if it uses the windows authentification system or a key file.
It would feel a bit strange to me if it just changed the root password for a local database file. The data should be encrypted instead.

If you want to manage user authentification or passwords with MariaDB you will probably want to store and use authentification data (salt + password hash) in your own table instead of letting the database connection table handle the security.


Many thanks for your reply. I really that, as I've posted this question on other forums, and believe it or, you're the first to give a solid answer.

According to the Mozilla wiki:

it stores the passwords unencrypted in a database file in the profile.


Which gives me the idea that they created a default user, granted certain permissions, which enables you to set/edit the master password as shown the MariaDB link. However I could be wrong.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!