473,743 Members | 2,225 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

I saved password into the database with "binary" data type from GetByte method. How can I to compare the password that between database and transfered from the page?

Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er = hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er = hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
Benny Ng
Jan 19 '06 #1
3 3764
"Benny Ng" <be**********@h otmail.com> wrote in message
news:uW******** ******@TK2MSFTN GP11.phx.gbl...
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?


Not seeing the StoredProcedure , it is unclear exactly what is being done
here other than passing the username and hashed password to the database. In
most cases, a one way hash is sufficient for passwords. You do not need to
retrieve a password, only compare the saved hash against the hashed version
of the user entered value. If the values match, then you have authenticated
their credentials. If not, then it is not valid. It is more secure to give
the user the ability to change their password, or possibly reset it, but
never to retrieve it.

Jim Wooley
Jan 20 '06 #2
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

"Benny Ng" <be**********@h otmail.com> wrote in message
news:uW******** ******@TK2MSFTN GP11.phx.gbl...
Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er = hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er = hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
Benny Ng

Jan 22 '06 #3
Hi,All,

I found the reason about this. Because this application is based on
Enterprise Library. So When I set the option about the encryption. I
selected the "Salt Enabled". And as we know the salt is randomly generated
by the system (or by us) . So the method that I used to compare the equal of
both password wouldn't be runs properly. But at last I used the intrinsic
method of Identity Authentication (likes the logon page) to compare the
coming password and the existed one. It's successfully.

So, In here I'm appreciated for everyone's concentrated and helps.

Thank you very much.

Benny Ng
MSN: be**********@ho tmail.com
"Christophe r Reed" <ca****@nospam. nospam> wrote in message
news:%2******** **********@TK2M SFTNGP09.phx.gb l...
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

"Benny Ng" <be**********@h otmail.com> wrote in message
news:uW******** ******@TK2MSFTN GP11.phx.gbl...
Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er =
hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFac tory hashProviderFac tory = new HashProviderFac tory();
this.hashProvid er =
hashProviderFac tory.CreateHash Provider("SHA1M anaged");
byte[] password =
hashProvider.Cr eateHash(Encodi ng.Unicode.GetB ytes(TxtPasswor d.Text));

DBCommandWrappe r DBCW_Edit =
db.GetStoredPro cCommandWrapper (CPEditSalesman Password);
DBCW_Edit.AddIn Parameter("@Id" , DbType.Double, objSalesMan.Id) ;
DBCW_Edit.AddIn Parameter("@Pas sword", DbType.Binary, password);
db.ExecuteNonQu ery(DBCW_Edit);
Benny Ng


Jan 25 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
2413
by: projecktzero | last post by:
Well, I've managed to get an image into a postgre database, but now I'm having trouble getting it out. #! /usr/bin/env python from pyPgSQL import PgSQL def main(): connectdb = PgSQL.connect('server:port:database:username:password') cur = connectdb.cursor()
8
25402
by: Jerry | last post by:
I have an off-the-shelf app that uses an Access database as its backend. One of the tables contains a field with an "OLE Object" datatype. I'm writing some reports against this database, and I believe this field contains data I need. When I view the table in datasheet view, all I can see in this field is the string "Long binary data". So, I've got the problem of needing to extract data from this field, but I don't know what format...
4
1709
by: Daedric | last post by:
Hello and thanks in advance to anyone who offers help. To make this simple, let's say I have a game which has 100 different monsters. I want a binary data file to hold all of these. It would have the index number of the mob, name, size, attributes, etc. I can easily create an editor to edit the records in this file, as soon as I know how to create this file and be able to find a specific monster in the file and fill, say, text boxes...
6
2727
by: | last post by:
Hi all, is there a better way to stream binary data stored in a table in sql 2005 to a browser in .net 2.0? Or is the code same as in .net 1.1? We noticed that in certain heavy load scenarios, every now and then the client would timeout and have to re-initiate the request... TIA!
0
2342
by: Wescotte | last post by:
I'm abit confused on how to work with binary data with an ODBC connection (My database is DB2 btw) Say I have a table like CREATE TABLE EJWLIB.BLOBTEST ( ID NUMERIC(5) NOT NULL, FILENAME VARCHAR(128) NOT NULL, BINARY BLOB(2M) ) Now I (I assume this is the correct method) insert data in the
3
1307
by: Benny Ng | last post by:
Dear all, The following is the source. The password is encrypted and saved into the Binary in SQL2K. Now I want to create a new page to compare the existed password and the password that in the database. But I don't know how to used source code to solve it. Can you help me? Urgently! <<<<<<Save Method<<<<<<
6
1605
by: Barry | last post by:
Hi all I have this script(download.php) which downloads binary data from a mysql database. <? /* SNIP */ $document=document::singleton();
8
8932
by: Mark | last post by:
Hello. I am attempting to write binary data from a file to an OLE Object field, and then write the file back out from the database. I am reading and writing the files in binary mode, and using GetChunk and AppendChunk to read and write binary data from the OLE Object field. I am using VBA and DAO for this experiment. The OLE Object field is being used to store Long Binary data.
3
8511
by: Me Alone | last post by:
Hello: I am trying to edit some C code I found in "The definitive guide to using, programming, and administering MySQL" by Paul DuBois. This C client program connects and then segfaults when the function load_image is called. Would anyone be able to point me to what I might be doing wrong? Thanks in advance, C Newbie
0
8795
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9486
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9344
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9214
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8218
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6763
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6057
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4572
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3286
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.