SQL2000. Am I wrong.
Do I have to make it from scratch myself or is there samples out there?
/Jens Ulrik"Jens U. K." <1jk2@.3bsopatent4.dk> wrote in message
news:i3t8d.3709$UU4.720@.news.get2net.dk...
> It seems like there is no built in procedure for making a password hash in
> SQL2000. Am I wrong.
> Do I have to make it from scratch myself or is there samples out there?
> /Jens Ulrik
That's correct - the usual solution is to encrypt/decrypt in the client
application using the Win32 CrpytoAPI, or some other suitable API, then
store only the encrypted password in the database:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Simon|||"Simon Hayes" <sql@.hayes.ch> wrote in message
news:41626a41$1_1@.news.bluewin.ch...
> "Jens U. K." <1jk2@.3bsopatent4.dk> wrote in message
> news:i3t8d.3709$UU4.720@.news.get2net.dk...
>> It seems like there is no built in procedure for making a password hash
>> in SQL2000. Am I wrong.
>> Do I have to make it from scratch myself or is there samples out there?
>>
>> /Jens Ulrik
> That's correct - the usual solution is to encrypt/decrypt in the client
> application using the Win32 CrpytoAPI, or some other suitable API, then
> store only the encrypted password in the database:
Hmm, it would have so easy with a stored procedure. Only problem is that
neither the SQL-server nor the HTTP-server are in my possesion. So
unfortunately I do not have access to "whatever" API I want :-( But as I
recall the provider have ASP.NET and I think there is some encryption
functions in there...
/Jens Ulrik|||The asp.net System.Web.Security.FormsAuthentication class contains a static
method for hashing passwords that you may find helpful:
string password = "god";
string passwordFormat = "sha1";
string encryptedPassword =
FormsAuthentication.HashPasswordForStoringInConfig File(password,passwordFormat);
"Jens U. K." <1jk2@.3bsopatent4.dk> wrote in message
news:3bu8d.4068$xP1.2605@.news.get2net.dk...
> "Simon Hayes" <sql@.hayes.ch> wrote in message
> news:41626a41$1_1@.news.bluewin.ch...
>>
>> "Jens U. K." <1jk2@.3bsopatent4.dk> wrote in message
>> news:i3t8d.3709$UU4.720@.news.get2net.dk...
>>> It seems like there is no built in procedure for making a password hash
>>> in SQL2000. Am I wrong.
>>> Do I have to make it from scratch myself or is there samples out there?
>>>
>>> /Jens Ulrik
>>
>> That's correct - the usual solution is to encrypt/decrypt in the client
>> application using the Win32 CrpytoAPI, or some other suitable API, then
>> store only the encrypted password in the database:
> Hmm, it would have so easy with a stored procedure. Only problem is that
> neither the SQL-server nor the HTTP-server are in my possesion. So
> unfortunately I do not have access to "whatever" API I want :-( But as I
> recall the provider have ASP.NET and I think there is some encryption
> functions in there...
> /Jens Ulrik
No comments:
Post a Comment