matching user to password

  • can anyone tell me the basic T-SQL for looking up a user and their password in a loging I'm creating? I know this sounds rather basic, but it's indeed throwing me... thanks!

  • Are you talking about looking up a custom (application based) username/password or looking up a SQL Server or Windows password based on a username?

  • Custom table I'm designing.

  • Are you storing the passwords encrypted, hased, hased with salt, or plain text? How is the password being passed to the login procedure as well?

  • I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.

  • briancampbellmcad (12/24/2012)


    I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.

    Disclaimer: I don't agree with what you are doing. You should be be at least hashing with a salt the password for the user. Also, you shouldn't pass the username/password pair from the application in clear text.

    create procedure dbo.Lookup (

    @UserName varchar(32), -- Or what ever you are using

    @Password varchar(32), -- Or whatever you are using

    @IsValid tinyint OUTPUT

    )

    as

    begin

    select

    @IsValid = case when @Password = pw then 1 else 0 end

    from

    dbo.MyLoginTable

    where

    Username = @Username;

    return;

    end

    '

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply