A little help with password hashes

This forum is for programmers who have questions about the source code.
Post Reply
User avatar
wjstarck
Posts: 936
Joined: Tue Jul 31, 2007 7:18 am
Location: Keller, TX
Contact:
Contact wjstarck

A little help with password hashes

Post by wjstarck » Mon Jan 22, 2024 5:31 pm

Hello-

I have a service that needs to do some database work on my tables. So, I need to grab the OD connection string in order to connect to the database.

I'm reading the hashed password located in FreeDentalConfig.xml and decrypting it to build my connection string like so:

Code: Select all

                            case "MySQLPassHash":
                                mySQLPassword = reader.ReadString();
                                string decryptedPassword;
                                CDT.Class1.Decrypt(mySQLPassword, out decryptedPassword);
                                mySQLPassword = decryptedPassword;
                                break;
When I run this code in the debugger, it works just fine. In a regular OD install, not so much.

I notice that the hashed passwords that get written to FreeDentalConfig.xml are different -

In the debugger, the result is:

Code: Select all

 <MySQLPassHash>mFvldBb0BOw4HgtwwOWehQ==</MySQLPassHash>
This decrypts just fine.

While in the live OD version, the result is :

Code: Select all

   <MySQLPassHash>odv2e$vnJc7NZDVMwQ0cem/5eKvw==</MySQLPassHash>
My code just returns an empty string.

The test password I am using is Jimpy919@

I notice in the preferences table there are two rows

ArchivePassHash
DatabaseIntegritiesWhitelist

which both contain the

odv2e$vnJc7NZDVMwQ0cem/5eKvw==

string.

If I delete these two strings from the preferences table, OD puts them right back in .

I've also tried

Code: Select all

connectionString = DataConnection.GetCurrentConnectionString();
But that returns nulll.

Any help sorting this out is greatly appreciated.
Cheers,

Bill Starck, DDS
Big Idea Software, LLC
Developer, EASy(Electronic Anesthesia System) for Open Dental
817-807-1709
TX, USA
Top
User avatar
jsalmon
Posts: 1555
Joined: Tue Nov 30, 2010 12:33 pm
Contact:
Contact jsalmon

Re: A little help with password hashes

Post by jsalmon » Tue Jan 23, 2024 9:09 am

Back around 2018 or 2019 someone made an external application that used our libraries to get the MySQL password from the FreeDentalConfig.xml file like you are requesting and a lot of people got hot and bothered by that. You can no longer use our libraries like this in order to get access to the MySQL password. Open Dental or one of our services are the only ones that are 'trusted' in official releases of the software.

Maybe your plug-in (that is running from Open Dental, a trusted source) can let your service know the password somehow? That or your users will have to let your service know the password somehow much like how they let Open Dental know what the password is.
The best thing about a boolean is even if you are wrong, you are only off by a bit.

Jason Salmon
Open Dental Software
http://www.opendental.com
Top
User avatar
wjstarck
Posts: 936
Joined: Tue Jul 31, 2007 7:18 am
Location: Keller, TX
Contact:
Contact wjstarck

Re: A little help with password hashes

Post by wjstarck » Tue Jan 23, 2024 9:54 am

Ahh, OK, no wonder. :shock:

Not a biggie, I'll just have them enter their MySQL username and password on our service controller form.

Thanks as always, Jason.
Cheers,

Bill Starck, DDS
Big Idea Software, LLC
Developer, EASy(Electronic Anesthesia System) for Open Dental
817-807-1709
TX, USA
Top
Post Reply

Return to “Developers”