I want to do something like SO does with DisplayName. When someone does not enter a DisplayName, I want to default this to 'User' + UserId. So the first user who signs up would get User1 - since UserId will be 1, the second User2 - since UserId will be 2, and so on.
The easiest way I can think of doing this is using a trigger, but I don't like triggers. I could save the user, then update the user after the save (basically a trigger, but done in my code). Any other ideas on how I can handle this? Is there a way I can set the default value on the column in the database?
I am using Asp.Net MVC 2, C# 4, EF4, and SQL Server 2008.
Select Coalesce(DisplayName, 'User' + Cast(UserID as varchar)) as UserName
You can set the user name in the stored procedure. if a user name has been passed to stored procedure, simply save it. otherwise, get the primary key id of the last entered user and add 1 to it. format it to whatever you like (e.g. User + newID) and save this as the new user's user name.
You can have a computedColumn
[UserName] AS ('User' + CAST(UserID AS VARCHAR)) PERSISTED
I would be inclined to generate it before saving to the database. No input = make one up.
I also would not have user User1, User2, ... but user+random: user6238945, user9287561, user8934678, etc
If you use 1, 2, 3, 4 etc then you are exposing an internal sequence. If someone gets "user4" then I know other users 1 to 3 exist, as well as number 5. This exposure was used many years by AOL or Compuserve (?) for phishing attacks.
Related
PD:Some names are in Spanish, sorry.
I have a table containing columns Usuario and Contraseña.
For each one it will be necessary to determine: login user (unique in the system and identification) and access password (which must contain 5 letters and 2 numbers - exact length 7). Consider that the login name must have exactly 10 characters
The table created is as follows:
CREATE TABLE Empleado
(
Usuario varchar(10) NOT NULL UNIQUE
CHECK(LEN([Usuario]) = 10),
Contraseña varchar(7) NOT NULL
CHECK (LEN([Contraseña]) = (7) AND [Contraseña] LIKE '%[0-9]%' AND [Contraseña] LIKE '%[A-Z]%')
)
And the data is inserted like this:
INSERT INTO Empleado (Usuario, Contraseña)
VALUES ('santiago21', 'qwerty1')
INSERT INTO Empleado (Usuario, Contraseña)
VALUES ('FaaacuuUwU', 'qwertY1')
The problem is that the second insert should take it, but the first one should not, which it DOES NOT DO.
Does anyone know how I should do it? Thank you.
We can take advantage of SQL Server's enhanced LIKE operator here:
CREATE TABLE Empleado (
Usuario varchar(10) NOT NULL UNIQUE CHECK(LEN([Usuario]) = 10),
Contraseña varchar(7) NOT NULL CHECK (
LEN([Contraseña]) = 7 AND
[Contraseña] LIKE '%[0-9]%[0-9]%' AND -- 2 numbers
[Contraseña] LIKE '%[A-Za-z]%[A-Za-z]%[A-Za-z]%[A-Za-z]%[A-Za-z]%') -- 5 letters
)
);
Edit:
In general you should not be storing clear text passwords in your database. The reason for this is that should anyone (internal or external) gain access to your Empleado table, they would get access to every credential in your entire system.
Instead, a much safer approach would be to first irreversibly hash every password and then store the hash. Then, in the unlikely event that someone undesirable might gain access to your table, they wouldn't get passwords, just usernames with some gibberish password hashes that they couldn't easily back out to the original passwords.
I'm creating a new report (*.rdl), and there I want to add username who runs the script (insert).
I've tried on VS2008 through "built-in-fields" function which is "User ID", but it didn't work:
CREATE TABLE #Some_Table
(
Plan_date date null,
Plan_customer int null,
creator_id nvarchar(55) null
)
INSERT INTO Some_Table
(
[Plan_date] ,
[Plan_customer],
[creator_id]
)
SELECT
#p_plan_monthly,
#p_plan_clients,
#creator_id ="user id" --from built-in-fields
Expected result is: Column creator_id is filling with value of username from active directory who made insert through my report.
To reiterate my comment, as it's is incredibly important:
"You need to use a different account to access your data #whitefang. The sa account should never be used for something as mundane as a report. In truth it should never be used unless you really need sysadmin privileges, or you're doing something like recovering the server. You should have a service account that can do the respective tasks it needs to. If you can suffer injection through those reports, you're service is like an open book to whomever has access."
Now, onto your problem. I would add a further internal parameter on your report. Change the value of the parameter to have the default value of =User!UserID; this will be the ID of the user running the report (perhaps something like StackOverflow\Larnu).
Then map that report parameter to your dataset parameter #creator_id and change your INSERT statement to:
INSERT INTO Some_Table ([Plan_date],
[Plan_customer],
[creator_id])
VALUES (#p_plan_monthly, #p_plan_clients, #creator_id);
Q: "and there I want to add username who runs the script (insert)"
You can use these functions.
-- database user name
SELECT USER_NAME()
-- login identification name
SELECT SUSER_NAME()
I have a requirement to pull data in a specific format and I'm struggling slightly with the ROWTOCOL function and was hoping a fresh pair of eyes might be able to help.
I'm using 10g Oracle DB (10.2) so LISTAGG which appears to do what I need to achieve is not an option.
I need to aggregate a number of usernames into a string delimited with a '$' but I also need to concatenate another column to to build up email addresses.
select
rowtocol('select username_id from username where user_id = '||s.user_id|| 'order by USERNAME_ID asc','#'||d.domain_name||'$')
from username s, domain d
where s.user_id = d.user_id
(I've simplified the query specific to just this function as the actual query is quite large and all works except for this particular function.)
in the DOMAIN Table I have a number of domains such as 'hotmail.com','gmail.com' etc
I need to concatenate the username, an '#' symbol followed by the domain and all delimited with a '$'
such as ......
joe.bloggs#gmail.com$joeblogs#gmail.com$joe_bloggs#gmail.com
I've battled with this and I've got close but in reverse?!.....
gmail.com$joe.bloggs#gmail.com$joeblogs#gmail.com$joe_bloggs
I've also noticed that if I play around with the delimiter (,'#'||d.domain_name||'$') it has a tendency to drop off the first character as can be seen above the preceding '#' has been dropped from the first email address.
Can anyone offer any suggestions as to how to get this working?
Many Thanks in advance!
Assuming you're using the rowtocol function from OTN, and have tables something like:
create table username (user_id number, username_id varchar2(20));
create table domain (user_id number, domain_name varchar2(20));
insert into username values (1, 'joe.bloggs');
insert into username values (1, 'joebloggs');
insert into username values (1, 'joe_bloggs');
insert into domain values (1, 'gmail.com');
Then your original query gets three rows back:
gmail.com$joe.bloggs
gmail.com$joe_bloggs#gmail.com$joebloggs
gmail.com$joe_bloggs#gmail.com$joebloggs
You're passing the data from each of your user IDs to a separate call to rowtocol, which isn't really what you want. You can get the result I think you're after by reversing it; pass the main query that joins the two tables as the select argument to the function, and have that passed query do the username/domain concatenation - that is a separate step to the string aggregation:
select
rowtocol('select s.username_id || ''#'' || d.domain_name from username s join domain d on d.user_id = s.user_id', '$')
from dual;
which gets a single result:
joe.bloggs#gmail.com$joe_bloggs#gmail.com$joebloggs#gmail.com
Whether that fits into your larger query, which you haven't shown, is a separate question. You might need to correlate it with the rest of your query.
There are other ways to string aggregation in Oracle, but this function is one way, and you already have it installed. I'd look at alternatives though, such as ThomasG's answer, which make it a bit clearer what's going on I think.
As Alex told you in comments, this ROWTOCOL isn't a standard function so if you don't show its code, there's nothing we can do to fix it.
However you can accomplish what you want in Oracle 10 using the XMLAGG built-in function.
try this :
SELECT
rtrim (xmlagg (xmlelement (e, s.user_id || '#' || d.domain_name || '$')).extract ('//text()'), '$') whatever
FROM username s
INNER JOIN domain d ON s.user_id = d.user_id
I am an IS auditor and I would like to check how we can retrieve the PASSWORD_VERIFY_FUNCTION assigned to users. I understand the script utlpwdmg.sql can be executed to setup the default password resource limits.
If changes were made using ALTER PROFILE, the script utlpwdmg.sql will not show the latest settings.
Please let me know what SQL commands I can execute to show what is the PASSWORD_VERIFY_FUNCTION stored and used in the system.
You can use this query to see source code of stored proc:
--Source of all password functions.
select *
from dba_source
where owner = 'SYS'
and name in
(
--The name of all password functions in use.
--See DBA_USERS.PROFILE to determine which user is using which profile.
select limit
from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
--Yes, this is intentionally the string 'NULL', that's what Oracle uses here.
and limit <> 'NULL'
)
order by name, line;
To find out what users are using PASSWORD_VERIFY_FUNCTION, you need to find out which profiles are using the function and then see which users are assigned that profile.
select profile from dba_profiles where limit = 'PASSWORD_VERIFY_FUNCTION';
select username from dba_users where profile = ;
Using Active Directory, am trying to find the SamAccountName and email of the user’s manager.
I find the logged on user in the AD by search where sAMAccountName = Domain\Account. I then retrieve the manager property, which looks like this, for example:
CN=Doe\, Jane E.,OU=Employees,OU=Users,OU=Detroit,OU=United States,DC=na,DC=gmc,DC=gmc,DC=com"
How can I use this presumed key to find the user record for this person? What field would I match on?
If I remember correctly, that is their Distinguished Name, which means you can use it as the direct reference to their profile
LDAP://CN=Doe, Jane E.,OU=Employees,OU=Users,OU=Detroit,OU=United States,DC=na,DC=gmc,DC=gmc,DC=com
I also think it will return that name if the profile exists. If it has been deleted then I believe it runs a GUID of some sort (based on memory - this might be incorrect)
The entry for the manager is the manager's Binding String. You can feed it back into a request to active directory by binding it to an object that will return the manager's information.
(This is a post from old time, but I thought might be useful for others in the community)
You can use string stripping and find it like this:
REPLACE(SUBSTRING(manager, 4, CHARINDEX('OU=', manager)-5), '\', '')
Full working query (just change DOMAIN to your own):
SELECT Top 901 manager, REPLACE(SUBSTRING(manager, 4, CHARINDEX('OU=',
manager)-5), '\', '')
FROM OPENQUERY( ADSI, 'SELECT manager FROM ''LDAP://DC=DOMAIN,DC=local''
WHERE objectCategory = ''Person'' AND objectClass= ''user''
AND userprincipalname = ''*'' AND mail = ''*'' AND SN = ''*'' ')