microsoft.public.sqlserver.programming

validate username and password

Roxanne

3/28/2007 6:16:00 PM

I need to validate a username and password, and if both are valid I then need
to run some SQL code to get data for that user. The password is encrypted in
the database, so it's stored as such:

w2mvkgj1dmkh1kgk4kdnd as such

How can I, on the SQL side, validate this password when it's passed into the
stored procedure?




7 Answers

ML

3/28/2007 7:48:00 PM

0

Are you saying that the application is sending the password in clear text? If
so, then what's the point of using encryption anyway?


ML

---
http://milambda.blo...

Roxanne

3/28/2007 7:52:00 PM

0

No, it's being passed as SHA1 format.

wa

"ML" <ML@discussions.microsoft.com> wrote in message
news:BD9B861C-E67B-4A9F-BF9A-CE9C13276DBA@microsoft.com...
> Are you saying that the application is sending the password in clear text?
> If
> so, then what's the point of using encryption anyway?
>
>
> ML
>
> ---
> http://milambda.blo...


Roxanne

3/28/2007 7:54:00 PM

0

No, it's being passed as SHA1 format.

What the developer wants is to validate the username and password in the db.
Once they are validated, then run a query to return that user their data.

So instead of just validating the username, he wants to validate both prior
to running a query to return data. This connection is coming from a
BlackBerry device, so he's trying to have some more validation going on, and his
process is requiring both ID and pwd to be validated before getting that
user their data.


"ML" <ML@discussions.microsoft.com> wrote in message
news:BD9B861C-E67B-4A9F-BF9A-CE9C13276DBA@microsoft.com...
> Are you saying that the application is sending the password in clear text?
> If
> so, then what's the point of using encryption anyway?
>
>
> ML
>
> ---
> http://milambda.blo...


ML

3/28/2007 9:40:00 PM

0

If the password is also stored encrypted using the same method (and key) then
you can compare the values. Or am I missing something?


ML

---
http://milambda.blo...

Roxanne

3/28/2007 11:01:00 PM

0

I'm trying that pwcompare statement and it's returning 0 all the time.

Is there something missing on it? I'm using SQL 2005.

"ML" <ML@discussions.microsoft.com> wrote in message
news:778144E1-0100-4C3F-B8FF-97872BF96588@microsoft.com...
> If the password is also stored encrypted using the same method (and key)
> then
> you can compare the values. Or am I missing something?
>
>
> ML
>
> ---
> http://milambda.blo...


ML

3/29/2007 6:50:00 AM

0

If the password is sent from the application encrypted the same way it was
encrypted when it was created, then the cipher-text values are the same. There
is no need to use pwcompare.

If, on the other hand, the values have not been encrypted using the same
method then you'd have to decrypt each using appropriate methods and compare
clear-text values.


ML

---
http://milambda.blo...
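
The direct comparison described in the reply above, as an added T-SQL example for SQL Server 2005 (not code from any poster in this thread). Table, column and procedure names are hypothetical, and it assumes the client sends the SHA-1 digest as 20 raw bytes that are stored in the same form.

```sql
-- Added example: all object names are hypothetical.
CREATE TABLE dbo.AppUser (
    UserId       INT IDENTITY(1,1) PRIMARY KEY,
    UserName     NVARCHAR(50) NOT NULL UNIQUE,
    PasswordHash VARBINARY(20) NOT NULL   -- SHA-1 output is 20 bytes
);
CREATE TABLE dbo.UserData (
    UserId INT NOT NULL REFERENCES dbo.AppUser(UserId),
    Item   NVARCHAR(100) NOT NULL
);
GO
-- Constructed sample row; HASHBYTES is used here only to build test data.
INSERT INTO dbo.AppUser (UserName, PasswordHash)
VALUES (N'roxanne', HASHBYTES('SHA1', 'constructed-sample-password'));
INSERT INTO dbo.UserData (UserId, Item) VALUES (SCOPE_IDENTITY(), N'sample row');
GO
CREATE PROCEDURE dbo.GetUserData
    @UserName     NVARCHAR(50),
    @PasswordHash VARBINARY(20)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @UserId INT;

    -- Plain equality on the two digests. PWDCOMPARE is not used: it checks a
    -- clear-text password against SQL Server's own login hash format, so a
    -- SHA-1 digest passed to it never matches.
    SELECT @UserId = UserId
    FROM dbo.AppUser
    WHERE UserName = @UserName
      AND PasswordHash = @PasswordHash;

    -- Unknown user and wrong digest give the same result: no rows, code 1.
    IF @UserId IS NULL
        RETURN 1;

    SELECT Item FROM dbo.UserData WHERE UserId = @UserId;
    RETURN 0;
END
GO
-- Caller: parameters only, no string concatenation.
DECLARE @rc INT, @h VARBINARY(20);
SET @h = HASHBYTES('SHA1', 'constructed-sample-password');
EXEC @rc = dbo.GetUserData @UserName = N'roxanne', @PasswordHash = @h;
SELECT @rc AS ReturnCode;
```

If the stored value is a text encoding of the digest (hex or Base64), the submitted value must use the same encoding, and the same string type must be hashed on both sides, since `HASHBYTES` over VARCHAR and NVARCHAR input gives different digests. Because the submitted digest is itself what authenticates the user, it needs the same transport protection as a password.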

Hari

3/29/2007 1:29:00 PM

0

Hello,

You cannot use PWDCompare in this situation. I recommend you take a look
into the symmetric and asymmetric encryption mechanisms which are available from
SQL 2005.

Thanks
Hari

"John" <John@gmail.com> wrote in message
news:uzWq2zYcHHA.4312@TK2MSFTNGP05.phx.gbl...
> I'm trying that pwcompare statement and it's returning 0 all the time.
>
> Is there something missing on it? I'm using SQL 2005.
>
> "ML" <ML@discussions.microsoft.com> wrote in message
> news:778144E1-0100-4C3F-B8FF-97872BF96588@microsoft.com...
>> If the password is also stored encrypted using the same method (and key)
>> then
>> you can compare the values. Or am I missing something?
>>
>>
>> ML
>>
>> ---
>> http://milambda.blo...
>
>