ourspt
Starting Member
33 Posts
Posted - 2005-05-16 : 09:58:56

Hi,

We are using the binary form to store the passwords in our project. But we are going into some issues with the binary formats. In other words, let us say my password in binary form happens to be '0x20161C8Z0D1641'. Say my password field length is 30. Sometimes it stores this as the given binary value for the password and sometimes it stores it as '0x20161C8Z0D1641000000000000000000000000000000000000000000000' (i.e., right pads zeroes for the complete length of the field).

With this, if my password is 'abc', when I try to validate it with the stored password, the validation passes for 'abc' as well as most of the strings that start with 'abc', like 'acbcccccc', 'abcaaa' etc.

Is there a way to avoid this problem? Would it work if I change my data type from varbinary to binary or something like that?

Thanks in advance
ourspt
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts
Posted - 2005-05-16 : 15:03:42

Avoid the whole issue by not storing passwords in your database. VARBINARY is not secure. Just store hashes of your passwords instead; that is a more standard way of handling passwords. When someone logs in, run their password through the hash procedure, and compare it to the stored hash value. That way no passwords are stored in the DB.

CODO ERGO SUM
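Added example, not from the thread: one way to apply the hashing advice above in SQL Server using HASHBYTES with a per-user salt. The table, column and procedure names are my own assumptions, as is a SQL Server version that has SHA2_256 and CRYPT_GEN_RANDOM (2012 or later); a purpose-built password hash such as bcrypt or Argon2 in the application tier would be stronger still.

```sql
-- Constructed example (not the thread's code). Assumes SQL Server 2012+ for SHA2_256 / CRYPT_GEN_RANDOM.
CREATE TABLE dbo.AppUser (
    UserName      NVARCHAR(64)  NOT NULL PRIMARY KEY,
    PasswordSalt  VARBINARY(16) NOT NULL,   -- random per-user salt, stored alongside the hash
    PasswordHash  VARBINARY(32) NOT NULL    -- SHA2_256 output is always exactly 32 bytes
);
GO

-- Registration: generate a salt, hash salt + password, store only the hash (never the password).
DECLARE @salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);
DECLARE @pwd  NVARCHAR(128) = N'abc';                    -- constructed sample password
INSERT INTO dbo.AppUser (UserName, PasswordSalt, PasswordHash)
VALUES (N'alice', @salt, HASHBYTES('SHA2_256', @salt + CONVERT(VARBINARY(256), @pwd)));
GO

-- Login check: recompute the hash with the stored salt and compare against the stored hash.
CREATE PROCEDURE dbo.ValidateLogin
    @UserName NVARCHAR(64), @Password NVARCHAR(128), @Valid BIT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @Valid = 0;
    DECLARE @salt VARBINARY(16), @stored VARBINARY(32);
    SELECT @salt = PasswordSalt, @stored = PasswordHash
    FROM dbo.AppUser WHERE UserName = @UserName;
    IF @stored IS NOT NULL
       AND @stored = HASHBYTES('SHA2_256', @salt + CONVERT(VARBINARY(256), @Password))
        SET @Valid = 1;
END
GO

-- Why the original prefix problem disappears: SQL Server zero-pads the shorter operand when
-- comparing binary values, so a raw 'abc' (0x616263) compares equal to its zero-padded form.
SELECT CASE WHEN 0x616263 = 0x61626300 THEN 'equal' ELSE 'different' END AS padded_compare;
-- A hash is fixed-length and changes completely with any change in input, so 'abc' and
-- 'abcaaa' produce unrelated 32-byte values and only the exact password validates.
DECLARE @ok BIT;
EXEC dbo.ValidateLogin N'alice', N'abc',    @ok OUTPUT;  SELECT @ok AS exact_password_valid;
EXEC dbo.ValidateLogin N'alice', N'abcaaa', @ok OUTPUT;  SELECT @ok AS prefix_string_valid;
```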