December 24, 2012 at 12:07 pm
can anyone tell me the basic T-SQL for looking up a user and their password in a loging I'm creating? I know this sounds rather basic, but it's indeed throwing me... thanks!
December 24, 2012 at 12:16 pm
Are you talking about looking up a custom (application based) username/password or looking up a SQL Server or Windows password based on a username?
December 24, 2012 at 12:18 pm
Custom table I'm designing.
December 24, 2012 at 12:24 pm
Are you storing the passwords encrypted, hased, hased with salt, or plain text? How is the password being passed to the login procedure as well?
December 24, 2012 at 12:30 pm
I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.
December 24, 2012 at 12:42 pm
briancampbellmcad (12/24/2012)
I have an ASP.net application, no encryption, just a Record#, UserName, PW, and SecurityLevel, really simple file, 30 users tops.
Disclaimer: I don't agree with what you are doing. You should be be at least hashing with a salt the password for the user. Also, you shouldn't pass the username/password pair from the application in clear text.
create procedure dbo.Lookup (
@UserName varchar(32), -- Or what ever you are using
@Password varchar(32), -- Or whatever you are using
@IsValid tinyint OUTPUT
)
as
begin
select
@IsValid = case when @Password = pw then 1 else 0 end
from
dbo.MyLoginTable
where
Username = @Username;
return;
end
'
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply