How to store an nvarchar value in ASCII format in a column

I am working with the user login module, so I want to give it some security. In the SQL Server login table I have UserID, Username, Password & Confirm Password. In this session I want to store the Password & Confirm Password columns so that they show the value in ASCII format.


asked Oct 26, 2009 at 03:20 AM in Default


2 answers

Best not to store the user's password at all. Use SALT and HASH to convert the password to something else, and store that. Use the same SALT and HASH to modify the password next time they login, and compare the SALT'd and HASH'd value against the value stored in the database.

If you store the password using any simple algorithm that is reversible and someone steals your password table then what? Likelihood is that those users have used the same password for their Online Banking (idiots! but YOU can't stop them doing that :( )

You then need a routine for allocating them a new password when they forget it - rather than just emailing them their current password - because, with SALT and HASH you cannot reverse the process so you can never actually discover their original password.

My suggestion for that is that you have an additional column for NewPassword and ExpiryDate and you send them the NewPassword in an email and store the ExpiryDate. You then let them login using either their original password (in case they remember it in a flash of brilliance!) or the NewPassword - but only up to the ExpiryDate - e.g. a couple of hours.

Note that when they login using the NewPassword you need to force them to enter a new password (which you store in the Password field)

Note also that the NewPassword should also be stored using SALT and HASH


answered Oct 27, 2009 at 07:40 AM


Kristen ♦
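
The scheme described in the answer above, as an added example that is not part of the original answer: a per-user salt, a stored hash instead of the password, and a temporary NewPassword that is itself salted, hashed and valid only until ExpiryDate. Assumptions: PBKDF2-HMAC-SHA256 stands in for the unspecified hash, a Python dict stands in for the login table, and the `Salt`/`NewSalt` columns and all function names are hypothetical.

```python
import hashlib, hmac, secrets
from datetime import timedelta

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def matches(password, salt, digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    if salt is None or digest is None:
        return False
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def register(users, username, password):
    salt, digest = hash_password(password)
    users[username] = {"Salt": salt, "Password": digest,
                       "NewSalt": None, "NewPassword": None, "ExpiryDate": None}

def issue_new_password(users, username, now, lifetime=timedelta(hours=2)):
    """Create a temporary password; only its salted hash and expiry are stored."""
    temp = secrets.token_urlsafe(12)
    row = users[username]
    row["NewSalt"], row["NewPassword"] = hash_password(temp)
    row["ExpiryDate"] = now + lifetime
    return temp  # sent to the user by email, never written to the table

def login(users, username, password, now):
    """Return 'ok', 'must_change' (temporary password used) or 'denied'."""
    row = users.get(username)
    if row is None:
        return "denied"
    if matches(password, row["Salt"], row["Password"]):
        return "ok"
    if (row["ExpiryDate"] is not None and now <= row["ExpiryDate"]
            and matches(password, row["NewSalt"], row["NewPassword"])):
        return "must_change"
    return "denied"

def set_password(users, username, password):
    """Store the new password hash and invalidate any temporary password."""
    row = users[username]
    row["Salt"], row["Password"] = hash_password(password)
    row["NewSalt"] = row["NewPassword"] = row["ExpiryDate"] = None
```

A `must_change` result is the point at which the application forces the user to choose a new password and calls `set_password`.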

One option is to convert it into varbinary


answered Oct 26, 2009 at 03:57 AM


Seen: 2840 times

Last Updated: Oct 26, 2009 at 03:20 AM

Copyright 2018 Redgate Software.