Re: Storing passwords in a database
- From: "AdamStefanCosta" <adam9000@xxxxxxxxxxxxxx>
- Date: Mon, 20 Nov 2006 10:43:19 -0200
Hi Mikael
With SQL Server you can use these undocumented functions:
update users set user_pass = pwdencrypt('your password') where userid = 'xyz'
-- pwdcompare(clear text, stored hash) returns 1 on a match
select userid from users where pwdcompare('typed password', user_pass) = 1 and userid = 'xyz'
I have used them for 3 years, at least, and never had a problem with them.
HTH
AdamStefanCosta
"Mikael Lenfors" <mikael@xxxxxxxxxx> wrote in message
news:45618aa8@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello!
We have a user register in a SQL server database. The users' passwords are
currently stored in varchar fields in clear text! We now want to store
these passwords in encrypted form. What is the best way to do this?
I found the code below for encrypting/decrypting strings, would this be a
good way to do it? Are there any problems with the encrypted string
containing ASCII zeroes and inserting them into the varchar string?
Is there another better way to do it?
Regards Mikael
'Create a Passport object
Dim oMgr
Set oMgr = Server.CreateObject("Passport.Manager")
Dim oCrypt
Set oCrypt = Server.CreateObject("Passport.Crypt")
Dim thisURL
thisURL = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("SCRIPT_NAME")
If oMgr.IsAuthenticated(3600,False,False) Then
    'Set the sign-out URL - return to the Default.asp
    ruURL = Server.URLEncode("http://" & Request.ServerVariables("SERVER_NAME") & "/Brief/default.asp")
Else
    'Set the sign-in URL - stay on this page
    ruURL = thisURL
End If
Response.Write ("<DIV Style = 'position:absolute; right:50px'>" & oMgr.LogoTag2(ruURL,3600,False,"nada",1033,False) & "</DIV>")
If oMgr.IsAuthenticated(3600,False,False) Then
    Response.Write ("You are authenticated")
    'Define and display original string
    Dim mystring
    mystring = "This is a string to be compressed, encrypted, transmitted, decrypted, and finally decompressed."
    Response.Write ("<br>Original string: " & mystring)
    'Compress and Encrypt the string
    mystring = oCrypt.Compress(mystring)
    mystring = oCrypt.Encrypt(mystring)
    'This is where the encrypted string would be transmitted over the wire
    'Decrypt, Decompress, and display the string
    mystring = oCrypt.Decrypt(mystring)
    mystring = oCrypt.Decompress(mystring)
    Response.Write ("<br>Reconstructed string: " & mystring)
Else
    Response.Write ("<br>You have not been authenticated within the last hour. Please sign in or exit.")
End If
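
Added example, not part of either message in this thread: a salted one-way password store with a slow hash, kept in a binary column so that zero bytes in the stored value are harmless. It uses PBKDF2-HMAC-SHA256 rather than the functions named above; the in-memory SQLite table, its extra columns and the function names are assumptions for illustration (on SQL Server the BLOB columns would be varbinary).

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune it to your hardware

def hash_password(password, salt, iterations=ITERATIONS):
    # One-way and deliberately slow: the clear text cannot be recovered from it.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def open_db():
    # Stand-in for the real users table. The digest is raw bytes and may
    # contain 0x00, so it goes in a binary column, never a character column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, salt BLOB NOT NULL,"
               " iterations INTEGER NOT NULL, user_pass BLOB NOT NULL)")
    return db

def set_password(db, userid, password, iterations=ITERATIONS):
    salt = os.urandom(16)  # fresh per-user salt: equal passwords hash differently
    digest = hash_password(password, salt, iterations)
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?, ?)",
               (userid, salt, iterations, digest))  # parameters, not string concatenation

def check_password(db, userid, typed):
    row = db.execute("SELECT salt, iterations, user_pass FROM users WHERE userid = ?",
                     (userid,)).fetchone()
    if row is None:
        # Unknown user: still spend one hash so timing does not reveal valid ids.
        hash_password(typed, b"\x00" * 16)
        return False
    salt, iterations, stored = row
    # Recompute with the stored salt and cost, then compare in constant time.
    return hmac.compare_digest(hash_password(typed, salt, iterations), stored)

if __name__ == "__main__":
    db = open_db()
    set_password(db, "xyz", "your password")            # constructed sample values
    print(check_password(db, "xyz", "your password"))   # correct password
    print(check_password(db, "xyz", "typed password"))  # wrong password
```

Storing the iteration count beside each hash lets the work factor be raised later without invalidating existing rows.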