briancampbellmcad (12/24/2012)
I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.
Disclaimer: I don't agree with what you are doing. You should be be at least hashing with a salt the password for the user. Also, you shouldn't pass the username/password pair from the application in clear text.
create procedure dbo.Lookup (
@UserName varchar(32), -- Or what ever you are using
@Password varchar(32), -- Or whatever you are using
@IsValid tinyint OUTPUT
)
as
begin
select
@IsValid = case when @Password = pw then 1 else 0 end
from
dbo.MyLoginTable
where
Username = @Username;
return;
end
'