473,549 Members | 2,222 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

password hash

It seems like there is no built in procedure for making a password hash in
SQL2000. Am I wrong.
Do I have to make it from scratch myself or is there samples out there?

/Jens Ulrik

Jul 20 '05 #1
3 2435

"Jens U. K." <1j**@3bsopaten t4.dk> wrote in message
news:i3******** ********@news.g et2net.dk...
It seems like there is no built in procedure for making a password hash in
SQL2000. Am I wrong.
Do I have to make it from scratch myself or is there samples out there?

/Jens Ulrik


That's correct - the usual solution is to encrypt/decrypt in the client
application using the Win32 CrpytoAPI, or some other suitable API, then
store only the encrypted password in the database:

http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22

Simon
Jul 20 '05 #2
"Simon Hayes" <sq*@hayes.ch > wrote in message
news:41******** **@news.bluewin .ch...

"Jens U. K." <1j**@3bsopaten t4.dk> wrote in message
news:i3******** ********@news.g et2net.dk...
It seems like there is no built in procedure for making a password hash
in SQL2000. Am I wrong.
Do I have to make it from scratch myself or is there samples out there?

/Jens Ulrik


That's correct - the usual solution is to encrypt/decrypt in the client
application using the Win32 CrpytoAPI, or some other suitable API, then
store only the encrypted password in the database:


Hmm, it would have so easy with a stored procedure. Only problem is that
neither the SQL-server nor the HTTP-server are in my possesion. So
unfortunately I do not have access to "whatever" API I want :-( But as I
recall the provider have ASP.NET and I think there is some encryption
functions in there...

/Jens Ulrik

Jul 20 '05 #3
The asp.net System.Web.Secu rity.FormsAuthe ntication class contains a static
method for hashing passwords that you may find helpful:

string password = "god";
string passwordFormat = "sha1";

string encryptedPasswo rd =
FormsAuthentica tion.HashPasswo rdForStoringInC onfigFile(passw ord,passwordFor mat);
"Jens U. K." <1j**@3bsopaten t4.dk> wrote in message
news:3b******** *********@news. get2net.dk...
"Simon Hayes" <sq*@hayes.ch > wrote in message
news:41******** **@news.bluewin .ch...

"Jens U. K." <1j**@3bsopaten t4.dk> wrote in message
news:i3******** ********@news.g et2net.dk...
It seems like there is no built in procedure for making a password hash
in SQL2000. Am I wrong.
Do I have to make it from scratch myself or is there samples out there?

/Jens Ulrik


That's correct - the usual solution is to encrypt/decrypt in the client
application using the Win32 CrpytoAPI, or some other suitable API, then
store only the encrypted password in the database:


Hmm, it would have so easy with a stored procedure. Only problem is that
neither the SQL-server nor the HTTP-server are in my possesion. So
unfortunately I do not have access to "whatever" API I want :-( But as I
recall the provider have ASP.NET and I think there is some encryption
functions in there...

/Jens Ulrik

Jul 20 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
2918
by: Todd Johnson | last post by:
I am creating a dialog in wxPython for log in purposes. Basically when the user clicks the ok button, the dialog box saves the user name and password as class attributes. Then as long as the dialog exists calling MyDialog.GetUserName() and MyDialog.GetPassword() returns them. This seems insecure to me. Is there a better way to go about this...
0
5653
by: aars | last post by:
Hello all, I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain. I now want to create a function that creates mysql databases and grant the right privileges to a user. But the problem is that mysql wants to have the plaintext password for the...
27
3119
by: frizzle | last post by:
Hi there, I've read in a few places that you should *never* store original passwords in a mySQL DB. Now i wonder if you encrypt it (with MD5 ?), how should i create a lost password function, so the pass could be sent to a corresponding e-mail address? Greetings Frizzle.
7
2915
by: jrefactors | last post by:
I want to ask how password is stored and how to check the authentication? I have heard password is never encrypted and decrypted, but it is hashed. For example, consider a simple email logon authentication in a hash table: Key: my email address Value: hash_function(my plan text password)
36
3250
by: dcrespo | last post by:
Hi all, I have a program that serves client programs. The server has a login password, which has to be used by each client for logging in. So, when the client connects, it sends a string with a password, which is then validated on the server side. The problem is obvious: anyone can get the password just sniffing the network. How can I...
2
3160
by: Phil Townsend | last post by:
I have been asked to rewrite some apps that contain databases of username and passwords to store the passwords as hashes. Getting the data into a hash format is no problem. however, how do I go about reading the hash value to validate a user? Is there a method of the FormsAuthentication class for doing this? *** Sent via Developersdex...
4
5537
by: PJones | last post by:
I am looking for the best way to one way encrypt a password for storage in a database using (asp.net / vb.net) basically I need some functions or examples that I can freely use in a commercial project anyone got any good functions or links I can look at ? I was looking at MD5 hash .. the examples I saw confused me as I didn't see a key...
26
5456
by: David Garamond | last post by:
I read that the password hash in pg_shadow is salted with username. Is this still the case? If so, since probably 99% of all PostgreSQL has "postgres" as the superuser name, wouldn't it be better to use standard Unix/Apache MD5 hash instead? -- dave ---------------------------(end of broadcast)---------------------------
21
2918
by: solomon_13000 | last post by:
I am using ms access database and asp 3.0 as my front end. In my database there is a table called account and a field called password. How do I protect the password stored in the database.
3
1907
by: phforum | last post by:
I have no ideas to encrypt the user input password from the text box.....
0
7548
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7743
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7832
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5391
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5114
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3518
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3499
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1083
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
786
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.