472,119 Members | 1,973 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > .net framework > questions > i saved password into the database with "binary" data type from getbyte method. how can i to compare the password that between database and transfered from the page?

Join Bytes to post your question to a community of 472,119 software developers and data experts.

I saved password into the database with "binary" data type from GetByte method. How can I to compare the password that between database and transfered from the page?

Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
Benny Ng
Jan 19 '06 #1
3 3663
"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl...
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?


Not seeing the StoredProcedure, it is unclear exactly what is being done
here other than passing the username and hashed password to the database. In
most cases, a one way hash is sufficient for passwords. You do not need to
retrieve a password, only compare the saved hash against the hashed version
of the user entered value. If the values match, then you have authenticated
their credentials. If not, then it is not valid. It is more secure to give
the user the ability to change their password, or possibly reset it, but
never to retrieve it.

Jim Wooley
Jan 20 '06 #2
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl...
Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
Benny Ng

Jan 22 '06 #3
Hi,All,

I found the reason about this. Because this application is based on
Enterprise Library. So When I set the option about the encryption. I
selected the "Salt Enabled". And as we know the salt is randomly generated
by the system (or by us) . So the method that I used to compare the equal of
both password wouldn't be runs properly. But at last I used the intrinsic
method of Identity Authentication (likes the logon page) to compare the
coming password and the existed one. It's successfully.

So, In here I'm appreciated for everyone's concentrated and helps.

Thank you very much.

Benny Ng
MSN: be**********@hotmail.com
"Christopher Reed" <ca****@nospam.nospam> wrote in message
news:%2******************@TK2MSFTNGP09.phx.gbl...
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl...
Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existed password and the
password that in the database.
But I don't know how to used source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider =
hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
<<<<<<Get Method from SQL2K<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider =
hashProviderFactory.CreateHashProvider("SHA1Manage d");
byte[] password =
hashProvider.CreateHash(Encoding.Unicode.GetBytes( TxtPassword.Text));

DBCommandWrapper DBCW_Edit =
db.GetStoredProcCommandWrapper(CPEditSalesmanPassw ord);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);
Benny Ng


Jan 25 '06 #4

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
Getting binary data out of a postgre database
4 posts views Thread by projecktzero | last post: by
Binary "Database" for a game - please help
4 posts views Thread by Daedric | last post: by
streaming binary data from sql 2005
6 posts views Thread by | last post: by
PHP
ODBC and storing binary data (specially BLOB)
reply views Thread by Wescotte | last post: by
PHP
Problem downloading binary data
6 posts views Thread by Barry | last post: by
C client to load binary data to MySQL
3 posts views Thread by Me Alone | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates