Hi everybody
I am working on a school project where I am writing a software for course registration. I have different users Students, Faculty, and Administrator. They are allowed to log in using their ID and password. I was wondering how could i store password and userID securly. Should I store it in the individual table or separately?
Any suggestion is appreciated. Also, if somebody has worked on this kind of project, please let me know.
Thanks a lot[I am using SQL 2000.|||You need to use what is known as "one-way" encryption. The good news is that this is simpler than "two-way" encryption where it is must be possible to both encypt and decrypt a text string. In one-way encryption you apply a function to encrypt the string, and then store the encrypted result in your table. When someone submits their password to log in, you apply the same encryption function to their password and then compare it to the encrypted version stored with their personal record. If the two match, you let the dude in.
There are some built-in encryption functions within SQL Server which are simple to use. I think they are called dbencrypt and dbcompare, or something similiar. The disadvantage with these is that they are undocumented functions, and if you upgrade your database to a new version of sql server Microsoft does not guarantee that it will use the same encryption algorythm in future versions. The result (and this has happened in past upgrades...) is that the passwords your users submit no longer match the versions stored in your database. They must all be reset and new ones must be entered.
You can write your own one-way encryption algorythm, or I have one that you can use that is more secure than the one supplied with SQL Server. (The built-in function has been cracked and the solution is available on the internet.)
blindman
Showing posts with label storage. Show all posts
Showing posts with label storage. Show all posts
Monday, March 12, 2012
password storage
hai all!
i am going to store my user details to login from vb.net in a user table in sql.i would like to disguise the password column with dots or stars.how do i do that?kindly help.its urgent.i also need to compare the password right.so it should be readable by the program
i doubt if you can revert back to the original string from "dots or stars", what you could is to use an encrypting function...you may create your own or find one on the net|||
thanks yaar
give me some more info yaar|||That would depend on how you want to encrypt it. one way or 2 way?
and syntax will differ from language to language :)
cheers
i am going to store my user details to login from vb.net in a user table in sql.i would like to disguise the password column with dots or stars.how do i do that?kindly help.its urgent.i also need to compare the password right.so it should be readable by the program
Quote:
Originally Posted by pangsans
hai all!
i am going to store my user details to login from vb.net in a user table in sql.i would like to disguise the password column with dots or stars.how do i do that?kindly help.its urgent.i also need to compare the password right.so it should be readable by the program
i doubt if you can revert back to the original string from "dots or stars", what you could is to use an encrypting function...you may create your own or find one on the net|||
Quote:
Originally Posted by ck9663
i doubt if you can revert back to the original string from "dots or stars", what you could is to use an encrypting function...you may create your own or find one on the net
thanks yaar
give me some more info yaar|||That would depend on how you want to encrypt it. one way or 2 way?
and syntax will differ from language to language :)
cheers
Saturday, February 25, 2012
password
I have a DTS saved as a structered storage file.How can I provide SQL SERVER Logon ID and password for this DTS package and call it within a SP through the LOGON ID and Password?exec master..xp_cmdshell 'dtsrun /Ssql1 /NPublish /E'
--This will execute the DTSRun command line utility with the parameters
/S = SQL Server Host Name
/N = DTS Package Name
You can either use /E for "trusted connection" or /U/P to supply username and passwords
You will need the correct permissions to run xp_cmdshell since it is in the MASTER database.
--This will execute the DTSRun command line utility with the parameters
/S = SQL Server Host Name
/N = DTS Package Name
You can either use /E for "trusted connection" or /U/P to supply username and passwords
You will need the correct permissions to run xp_cmdshell since it is in the MASTER database.
Subscribe to:
Comments (Atom)