RAD Server user password hashing algorithm

RAD Server stores the password for the users as a hashed value (so far that’s good). Unfortunately it appears you can only change that password using the RAD Server Console.

We want to be able to change that password using our own code. This would involve opening the RAD Server Interbase database (that’s easy enough) and updating the password field of the users table.

That’s where we hit a problem. Since the password is stored as a hash value, we need to replace it with a hashed value. There’s no information on what hashing algorithm is used or any salt values used with that algorithm.

Before I start the process of reaching out to Embarcadero, has anyone else come across this and requested the relevant details from them?

1 Like

Hi!

I haven’t used it, but my assumption there would be that there is an API to do this, for I would be very surprised if RADConsole made direct access.

Try playing around with the URLs and see if anything “suspicious” comes up :smiley:

I haven’t tried to change passwords, but does the UpdateUser API endpoint allow that?

http://docwiki.embarcadero.com/RADStudio/Sydney/en/RAD_Server_Users_Resource

I note the AddUser endpoint will take a password, but I’m not sure about UpdateUser.

The documentation for the update user endpoint implies that you can only update custom fields. But while taking a second look at the links @Malcolm posted I noticed at the very bottom of the page a link to a tutorial for exactly what I was looking for.

http://docwiki.embarcadero.com/RADStudio/Sydney/en/Tutorial:_RAD_Server_Client_Application_to_Manage_RAD_Server_Users#Updating_the_RAD_Server_User_Password_Stored_in_the_RAD_Server_Engine

4 Likes

Hi Lachlan

I found the hashing algorithm that Datasnap uses and am wondering if that algorithm is used by RAD Server as well.

Regards
Graeme

It may be @Graeme, the RTL includes support for a handful of different hashing algorithms these days. It’s probably one of those. Any salt potentially used in the hashing would be nice to know too.

It’s not such a big concern now since I found that changing the password via the remote API is supported, just not particularly well documented.