January 12, 2009 at 2:17 pm
Please post any recommendation how to write a stored procedure to authenticate a password.
I have a procedure to create wherein the parameters would be username & password. this password are already enrcryped in the database. so i would have to encrypt the passed in parameters & compare it against the encryped password in database.
I want to know when the passwords match how do I return the results to user. whether i should send return value or an output parameters that the if the value equal to 1 then pass or fail?
even any such procedure templates would be helpful.
Thanks.
January 12, 2009 at 2:21 pm
RJ (1/12/2009)
I have a procedure to create wherein the parameters would be username & password. this password are already enrcryped in the database. so i would have to encrypt the passed in parameters & compare it against the encryped password in database.
How is it encrypted?
Most encryption functions are non-deterministic. The same value encrypted twice does not return the same encrypted value. So you typically have to decrypt and compare.
If it's hashed, rather than encrypted (which is better for a password, but make it impossible to know the actual value of the password) then you can hash and compare.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
January 12, 2009 at 2:24 pm
yes. it is hashed out.
January 12, 2009 at 2:29 pm
as it is hashed out I can hash the values & compare it against the database. but how will i communicate back to the application that the username as has been authenticated or failed?
whether an output parameters with values like 1=pass, 2= fail, 0= fail, .....
~thanks
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply