Dear all,
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!
<<<<<<Save Method<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
Benny Ng 3 1294
"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl... The following is the source. The password is encrypted and saved into the Binary in SQL2K. Now I want to create a new page to compare the existed password and the password that in the database. But I don't know how to used source code to solve it. Can you help me?
Not seeing the StoredProcedure, it is unclear exactly what is being done
here other than passing the username and hashed password to the database. In
most cases, a one way hash is sufficient for passwords. You do not need to
retrieve a password, only compare the saved hash against the hashed version
of the user entered value. If the values match, then you have authenticated
their credentials. If not, then it is not valid. It is more secure to give
the user the ability to change their password, or possibly reset it, but
never to retrieve it.
Jim Wooley
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."
"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl... Dear all,
The following is the source. The password is encrypted and saved into the Binary in SQL2K. Now I want to create a new page to compare the existed password and the password that in the database. But I don't know how to used source code to solve it. Can you help me? Urgently!
<<<<<<Save Method<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory(); this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d"); byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord); DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id); DBCW_Edit.AddInParameter("@Password", DbType.Binary, password); db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory(); this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d"); byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord); DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id); DBCW_Edit.AddInParameter("@Password", DbType.Binary, password); db.ExecuteNonQuery(DBCW_Edit);
Benny Ng
Hi,All,
I found the reason about this. Because this application is based on
Enterprise Library. So When I set the option about the encryption. I
selected the "Salt Enabled". And as we know the salt is randomly generated
by the system (or by us) . So the method that I used to compare the equal of
both password wouldn't be runs properly. But at last I used the intrinsic
method of Identity Authentication (likes the logon page) to compare the
coming password and the existed one. It's successfully.
So, In here I'm appreciated for everyone's concentrated and helps.
Thank you very much.
Benny Ng
MSN: be**********@hotmail.com
"Christopher Reed" <ca****@nospam.nospam> wrote in message
news:%2******************@TK2MSFTNGP09.phx.gbl... Once you have saved the password, every time a user logs in with that password, encrypt the typed value using the same encryption as with the database password and then compare. -- Christopher A. Reed "The oxen are slow, but the earth is patient."
"Benny Ng" <be**********@hotmail.com> wrote in message news:uW**************@TK2MSFTNGP11.phx.gbl... Dear all,
The following is the source. The password is encrypted and saved into the Binary in SQL2K. Now I want to create a new page to compare the existed password and the password that in the database. But I don't know how to used source code to solve it. Can you help me? Urgently!
<<<<<<Save Method<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory(); this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d"); byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord); DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id); DBCW_Edit.AddInParameter("@Password", DbType.Binary, password); db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<
HashProviderFactory hashProviderFactory = new HashProviderFactory(); this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d"); byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord); DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id); DBCW_Edit.AddInParameter("@Password", DbType.Binary, password); db.ExecuteNonQuery(DBCW_Edit);
Benny Ng
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: projecktzero |
last post by:
Well, I've managed to get an image into a postgre database, but now I'm
having trouble getting it out.
#! /usr/bin/env python
from pyPgSQL import PgSQL
def main():
connectdb =...
|
by: Jerry |
last post by:
I have an off-the-shelf app that uses an Access database as its
backend. One of the tables contains a field with an "OLE Object"
datatype. I'm writing some reports against this database, and I...
|
by: Daedric |
last post by:
Hello and thanks in advance to anyone who offers help.
To make this simple, let's say I have a game which has 100 different
monsters. I want a binary data file to hold all of these. It would...
|
by: |
last post by:
Hi all, is there a better way to stream binary data stored in a table in sql
2005 to a browser in .net 2.0? Or is the code same as in .net 1.1? We
noticed that in certain heavy load scenarios,...
|
by: Wescotte |
last post by:
I'm abit confused on how to work with binary data with an ODBC
connection (My database is DB2 btw)
Say I have a table like
CREATE TABLE EJWLIB.BLOBTEST (
ID NUMERIC(5) NOT NULL,
FILENAME...
| |
by: Benny Ng |
last post by:
Dear all,
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the...
|
by: Barry |
last post by:
Hi all
I have this script(download.php) which downloads binary data from a
mysql database.
<?
/* SNIP */
$document=document::singleton();
|
by: Mark |
last post by:
Hello.
I am attempting to write binary data from a file to an
OLE Object field, and then write the file back out from
the database. I am reading and writing the files in
binary mode, and using...
|
by: Me Alone |
last post by:
Hello:
I am trying to edit some C code I found in "The definitive guide to
using, programming, and administering MySQL" by Paul DuBois. This C
client program connects and then segfaults when...
|
by: RN |
last post by:
Hi everyone,
First please let me explain. I am attempting to store pdf files in an MS
Access DB (2000) and I have written a subroutine to do this. My code seems
to work perfectly (see code...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |