Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

matching user to password Expand / Collapse
Author
Message
Posted Monday, December 24, 2012 12:07 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, March 13, 2014 2:33 PM
Points: 117, Visits: 315
can anyone tell me the basic T-SQL for looking up a user and their password in a loging I'm creating? I know this sounds rather basic, but it's indeed throwing me... thanks!
Post #1399956
Posted Monday, December 24, 2012 12:16 PM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Yesterday @ 7:23 PM
Points: 20,860, Visits: 32,883
Are you talking about looking up a custom (application based) username/password or looking up a SQL Server or Windows password based on a username?


Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #1399960
Posted Monday, December 24, 2012 12:18 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, March 13, 2014 2:33 PM
Points: 117, Visits: 315
Custom table I'm designing.
Post #1399961
Posted Monday, December 24, 2012 12:24 PM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Yesterday @ 7:23 PM
Points: 20,860, Visits: 32,883
Are you storing the passwords encrypted, hased, hased with salt, or plain text? How is the password being passed to the login procedure as well?



Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #1399969
Posted Monday, December 24, 2012 12:30 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, March 13, 2014 2:33 PM
Points: 117, Visits: 315
I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.
Post #1399974
Posted Monday, December 24, 2012 12:42 PM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Yesterday @ 7:23 PM
Points: 20,860, Visits: 32,883
briancampbellmcad (12/24/2012)
I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.


Disclaimer: I don't agree with what you are doing. You should be be at least hashing with a salt the password for the user. Also, you shouldn't pass the username/password pair from the application in clear text.


create procedure dbo.Lookup (
@UserName varchar(32), -- Or what ever you are using
@Password varchar(32), -- Or whatever you are using
@IsValid tinyint OUTPUT
)
as
begin
select
@IsValid = case when @Password = pw then 1 else 0 end
from
dbo.MyLoginTable
where
Username = @Username;
return;
end


'



Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #1399977
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse