September 15, 2010 at 4:15 am
There is a program in the office and I have a database SQL but I am who wrote this program I have purchased through the company is ready and I told them what I want in the program and they have been carried out.
I was in during the previous period I can get through "SQL Server Management Studio Express" and selected tables and I find a table when I opened it work or Query about what it contains inside, I find the names of users and Password their own program.
I was in during the previous period I can get through SQL Server Management Studio Express and selected tables and you find a table when I opened it work or inquire about what it contains inside, I find the names of users and Password their own program.
A while ago there was a program update and the company sent an engineer from its side, and the necessary upgrading work, but I was surprised A few days ago when you open a table that I was watching the names of users, but only strange password are numbers, symbols and characters, and so on ....
I got up to open Query and wrote inside a query on the table to be fully demonstrating the user name and password and when the experiment and found that the password error
I took contact with them and found their response as follows "
"This protection program and I told him that I was possessed me every right to deal him he told me that this part of its own"
What is the solution to deal with such a problem........!!!!
September 15, 2010 at 4:22 am
I am not sure i fully understand, do you have an application that was written by another company and have they sent in an engineer to change it so it now hashes the passwords?
I took contact with them and found their response as follows "
"This protection program and I told him that I was possessed me every right to deal him he told me that this part of its own"
What do you mean by this?
September 15, 2010 at 4:35 am
** First thanks for the reply to my question..
I mean is I've contacted the company executing the program of my own and I explained to them the change that took.
Yes your understand my question
Now I see password is hashes
September 15, 2010 at 4:36 am
hashing the password is quite common and is usually required to pass security audits.
Does your program need to see the plain text passwords to work correctly?
September 15, 2010 at 4:40 am
Yes correctly
September 15, 2010 at 4:49 am
it depends on how they are encrypted, if they use simple md5 hashing it is possible to convert them back if you know the salt value.
however if they are more complex then there will be no way of finding them out without brute forcing them.
In this situation you will need to change your application to hash the password using the same salt and then you can check if the passwords match for logging in, however you will not be able to see them. This is the way most secure login systems work.
I would suggest contacting the engineer again to find out how the passwords are encrypted
September 15, 2010 at 5:00 am
Do you even now does not have anything to decode the MD5
The code was through the DLL files have been developed in the System Folder
September 15, 2010 at 5:04 am
you will need to ask them what kind of encyption they used and the salt values.
And assuming they used one of the standard ones, you can implement this yourself in your code and then use your encypted passwords to match there passwords.
also as mentioned decrypting them may not be possible as encrypting the paswords is usually a one way event. most decrypters rely on brute-force.
you are much better off matching the encrypted passwords to check logins as there is no reason for human to be able to understand a password once it is set.
September 15, 2010 at 5:11 am
Do you think they will give me the values that they used
September 15, 2010 at 5:14 am
it depends on your relationship with them, if you employed them and they wrote the software for you and you own the data then they should.
September 15, 2010 at 5:21 am
But does not have a query or a program that can do his own experience
September 15, 2010 at 6:02 am
they should have an idea, even if the code is in a compiled DLL the developer who included that DLL in their code should know what it does and how it does it.
Where did they get the dll from?
Viewing 12 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply