• Aruna, I hoped you picked up from the other comments that the clear text password is given by the person trying to get access.

    The Improvements section isn't clear.  Are you asking SQL Server to improve their undocumented software, or are you saying that the clear text password given by the person is appended or prepended with a mask in the application layer?

    That still doesn't stop a sniffer from seeing the password if you aren't using SSL.

    I also wondered why you would use pwdcompare, so I ran the following tests and found out what it does.  Still not sure why you would use it:

        if (pwdencrypt('pwdencrypt')=pwdencrypt('pwdencrypt')) print 'exact match found'
        else print 'exact match not found'

        if (pwdencrypt('pwdencrypt')=pwdencrypt('Pwdencrypt')) print 'case match found'
        else print 'case match not found'

        PRINT pwdcompare('Pwdencrypt', pwdencrypt('pwdencrypt'), 0);
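
Why comparing two `pwdencrypt` results with `=` cannot match while a compare function can, as an added example (not the commenter's code and not SQL Server's implementation). It is a Python model that assumes the SQL Server 2012+ hash layout of a `0x0200` header, a 4-byte random salt and SHA-512 over the UTF-16LE password plus salt; the function names are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

HEADER = b"\x02\x00"   # assumed version marker (SQL Server 2012+ layout)
SALT_LEN = 4           # assumed salt size in bytes
DIGEST_LEN = hashlib.sha512().digest_size


def model_pwdencrypt(password: str, salt: Optional[bytes] = None) -> bytes:
    """Model hash: header | salt | SHA-512(UTF-16LE password + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)      # fresh salt on every call
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    digest = hashlib.sha512(password.encode("utf-16-le") + salt).digest()
    return HEADER + salt + digest


def model_pwdcompare(password: str, stored: bytes) -> int:
    """Return 1 if password matches stored, else 0 (also 0 for malformed input)."""
    if len(stored) != len(HEADER) + SALT_LEN + DIGEST_LEN:
        return 0
    if stored[:len(HEADER)] != HEADER:
        return 0
    # Reuse the salt embedded in the stored value, then recompute and compare.
    salt = stored[len(HEADER):len(HEADER) + SALT_LEN]
    candidate = model_pwdencrypt(password, salt)
    return 1 if hmac.compare_digest(candidate, stored) else 0


def replay_comment_tests() -> dict:
    """Mirror the three tests from the comment against the model."""
    return {
        # Two independent calls pick different salts, so '=' does not match.
        "equal_same": model_pwdencrypt("pwdencrypt") == model_pwdencrypt("pwdencrypt"),
        "equal_case": model_pwdencrypt("pwdencrypt") == model_pwdencrypt("Pwdencrypt"),
        # The compare function succeeds for the same password only.
        "compare_same": model_pwdcompare("pwdencrypt", model_pwdencrypt("pwdencrypt")),
        "compare_case": model_pwdcompare("Pwdencrypt", model_pwdencrypt("pwdencrypt")),
    }


if __name__ == "__main__":
    for name, result in replay_comment_tests().items():
        print(name, result)
```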