某一天debug Tiptop GP 5.X 的 webpass.4gl程式看到了一個不該看到的東西
深深的有一種罪惡感
既然看都看了就讓看了這個代碼所有的觀眾都一起來罪惡吧!
情景:Tiptop GP 5.x 本身對所有用戶的密碼都進行了加密
因此,即使用PL/SQL看Oracle資料庫裏面的信息也看不到用戶本身的用戶密碼,如下:
既然,密碼是密文,那User登錄系統就要驗證密文了,怎麼驗證了?密文可逆?密文不可逆?
非常高興的告訴你,鼎新人員對密碼加密算法是可逆的,解密函數就是cl_uszx_10decod()
如此,客至新的查詢程式p_pwdq(GP用戶密碼找回查詢)用於給user找回密碼
p_pwdq 的per檔源碼:
---------------------------------------------------------------------------------- -- $Id: p_pwdq.per created Thu Jun 28 17:06:27 2012 -- File created from p_pwdq.4fd by Genero Studio 11401 -- Copyright (c) 2002-2007 Four J's Development Tools. All rights reserved. ---------------------------------------------------------------------------------- -- WARNING! All changes made in this file will be lost! ---------------------------------------------------------------------------------- SCHEMA ds LAYOUT( TEXT="p_pwdq") VBOX vb3 FOLDER pc2 PAGE page1( TEXT="Main", IMAGE="login") GRID gr3 { UserID [aa0 ] UserName [aa1 ] Department [aa2 ] Password [aa3 ] DPassword [aa4 ][aa5 ][aa6 ] ToMD5 [aa7 ][ ][ ] Email [aa8 ] } END -- GRID END -- PAGE END -- FOLDER GRID gr4 { ------ Row[aa9 ]/[ab0 ] ------ } END -- GRID END -- VBOX END ATTRIBUTES BUTTONEDIT aa0=FORMONLY.zx01 TYPE VARCHAR, ACTION=controlp, IMAGE="zoom", REQUIRED, TABINDEX=3; BUTTONEDIT aa1=FORMONLY.zx02 TYPE VARCHAR, ACTION=controlp, IMAGE="zoom", TABINDEX=4; BUTTONEDIT aa2=FORMONLY.zx03 TYPE VARCHAR, ACTION=controlp, IMAGE="zoom", TABINDEX=5; EDIT aa3=FORMONLY.zx10 TYPE VARCHAR, NOENTRY, TABINDEX=6; EDIT aa4=FORMONLY.zx10dcode TYPE VARCHAR, COLOR=RED, NOENTRY, TABINDEX=7; IMAGE aa5=FORMONLY.imgmksg; IMAGE aa6=FORMONLY.imglove; EDIT aa7=FORMONLY.zx10md5 TYPE VARCHAR, COLOR=BLUE, NOENTRY, TABINDEX=8; EDIT aa8=FORMONLY.zx09 TYPE VARCHAR, NOENTRY, TABINDEX=9; EDIT aa9=FORMONLY.cnt, NOENTRY, TABINDEX=1; EDIT ab0=FORMONLY.cn2, NOENTRY, TABINDEX=2; END