RAD Server user password hashing algorithm

RAD Server stores the password for the users as a hashed value (so far that’s good). Unfortunately it appears you can only change that password using the RAD Server Console.

We want to be able to change that password using our own code. This would involve opening the RAD Server Interbase database (that’s easy enough) and updating the password field of the users table.

That’s where we hit a problem. Since the password is stored as a hash value, we need to replace it with a hashed value. There’s no information on what hashing algorithm is used or any salt values used with that algorithm.

Before I start the process of reaching out to Embarcadero has anyone else come across this and requested the relevant details from them.

1 Like


I haven’t used it, but my assumption there would be that there is an API to do this, for I would be very surprised if RADConsole made a direct access.

Try playing around with the URLs and see if anything “suspicious” comes up :smiley:

I haven’t tried to change passwords, but does the UpdateUser API endpoint allow that?


I note the AddUSer endpoint will take a password, but not sure about UpdateUser.

The documentation for the update user endpoint implies that you can only update custom fields. But while taking a second look at the links @Malcolm posted I noticed at the very bottom of the page a link to a tutorial for exactly what I was looking for.



Hi Lachlan

I found the hashing algorithm that Datasnap uses and am wondering if that algorithm is used by RAD Server as well.


It may be @Graeme, the RTL includes support for a handful of different hashing algorithms these days. It’s probably one of those. Any salt potentially used in the hashing would be nice to know too.

It’s not such a big concern now since I found that changing the password via the remote API is supported, just not particularly well documented.