Hello,
Could anybody explain: is following supposed to work:
CREATE LOGIN test
WITH PASSWORD=0xF1E9E5CA9A79F7B5D883FA4D9680ED1D4D9AAB12 HASHED,
CHECK_POLICY = OFF;
GO
where
0xF1E9E5CA9A79F7B5D883FA4D9680ED1D4D9AAB12
result of
SELECT HASHBYTES ('SHA1','$Test123#')
execution of 'create login' results in following error
Msg 15021, Level 16, State 2, Line 1
Invalid value given for parameter PASSWORD. Specify a valid parameter value.
Interesting enough is that if I use MD5 the hash is 8 bytes shorter and create login works but actual login procedure does not. And if I just use plain text password without HASHED everything works.
This is on sqlexpress 2005 sp2. Is this specific to express version?
I've noticed that realatively old SQL BO 2005 states that hashed password should be passed as literal in single quotations ' *** ' (and it does not work) and msdn online states that in case of HASHED hexadecimal value should be passed without single quotations, anyway does not work either ...
BOL is very terse on the subject of creating a login with a hashed password. I need to store a script file with a create login for a sql server login, and I don't want the password as plain text. Here is what I've tried:
Code Snippet
declare @input nchar(5), @output varbinary(8000)
set @input = N'A123b'
select @output = hashbytes('sha1', @input)
select @output
create login test with password = '0x22A9EA652CFC38938D56A9C3872B266B192D16D9' hashed
go
This returns the error:
Msg 15021, Level 16, State 2, Line 1
Invalid value given for parameter PASSWORD. Specify a valid parameter value.
Can anybody provide a working example? Am I way off base on the usage of this functionality?
My PC is Window XP Pro and I'm using Microsoft SQL Server 2005 Express and Microsoft SQL Server Management Studio Express. My question is how to create a login userid and password under "SQL Server Authentication"? (as shown in http://www.findingsteve.net/print_screen.jpg) Any tutorial about this I can read?
I am using SQL Server 2005 at home. My problem is I forgot my password to log in to my server. I only remember user name is 'sa'. I haven't used it for two to three months. So I forgot password. Previously, When I used sql server 2000, my login is as windows login. so no problem. But this time, I set seperate log in and I got this problem. Any help will be appreciated. Thanks George
I have seen alot of comments posted about an Issue in SQL2005 that no one at microsoft could really answer. If a user would try to alter his own login, it would fail stating a permissions error.
This is what I did to get it to work .
USE my_dataBase GO
Alter Login [my_login] WITH PASSWORD = 'newpassword' OLD_PASSWORD = 'oldpassword'
In previous examples, people were trying to do an alter login without first narrowing it to the database. If you do not include the USE statement it will fail.
Another thing to note is that they can only change certain things....they cannot turn off check_policy or check_expiration.
Hi all, In the DB i have stored the username and password. i had stored 'am' as password and wen i use 'Am' to login, it wil redirect to my next page correctly.Can we do any string comparison for that? Normally how can this problem be solved? Try con.Open() cmd = New SqlCommand("select CompanyId,Password from CompanyDetails where CompanyId=" & uname & " and Password='" & pass & "'", con) Dim sdr As SqlClient.SqlDataReader = cmd.ExecuteReader If sdr.HasRows Then sdr.Read() Me.Session.Add("value", Val(txtuser.Text)) Response.Redirect("ViewDetails.aspx") Else Err.Text = "Invalid UserName/Password." End If Catch ex As Exception Err.Text = ex.Message Finally con.Close() End Try
Hi,I have developed site which has a resource file which connects to sqlserver using login name and password.Now my client doesn't want me to login to production database. bu the packing of the system is with me. is there any way to solve this issuse so that i can package the software without knowing database login name and password.TIAAmit
I created a cursor that moves through a table to retrieve a user's name.When I open this cursor, I create a variable to store the fetched name to use within the BEGIN/END statements to create a login, user, and role.
I'm getting an 'incorrect syntax' error at the variable. For example ..
CREATE LOGIN @NAME WITH PASSWORD 'password'
I've done a bit of research online and found that you cannot use variables to create logins and the like. One person suggested a stored procedure or dynamic SQL, whereas another pointed out that you shouldn't use a stored procedure and dynamic SQL is best.
SQL Server 2005 Express will not allow me to change the password for my login user. I tried deleting the user and re-creating the user. Another password is being put in although the password I put in was accepted. I even test to see what would happen if I left the password blank. It got accepted. But when I look at the password for my login user again, a different and much longer password was put in. I even tried this T-SQL statement:
CREATE LOGIN <loginname> WITH PASSWORD='<passwordname>', CHECK_EXPIRATION = OFF, CHECK_POLICY = OFF
Earlier one of my team member has created a user login and password but forgot the password after few days and now we need to know the password of that login. Some of the application are using this login so we can delete and create a new login with the same name hence is there any possibility or script to find out the password of the existing login.
How can you force a password, from a sql login, to expire?
I would like to use the password expiration feature for sql logins in SqlServer 2005. The msdn document provides example code for SqlClient SqlConnection.ChangePassword like in Bob Beauchemin's book. http://msdn2.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.changepassword.aspx
There is a modify_date in the system view sys.sql_logins but that is read-only.
I have a 3 node cluster running windows 2003 x64 sp1 and SQL Server 2005 version 9.00.2153. My problem is the following...
This Saturday I migrated a web application's database to this server. After restoring the database I created the sql login for the service account, set the password and disabled the password policy for this login. I then ran sp_change_users_login to attach the already existing db user with the same name to the login. I changed the connection string for the application, tested the application connectivity and functionality then detatched the old database on the old server. Everything went like clockwork, no problems at all.
Come Monday morning at 8:35 I started getting alerts that the web site was down. I tested the site and sure enough it was down. I then attempted to connect to the database server using the login that was created for the app and the connection failed. I logged in with my ID and got in fine. Nothing showing to be wrong with the DB, I checked the new login and somehow the "Enable Password Policy" had been set for the new login. I disabled it and still no connection. I went to the database and checked the DB user and somehow the link between it and the login no longer existed. I reran the sp_change_users_login and restested the web site and verified that that web site was back online.
My question is this, is there any stored proc that resets these values back to default for some reason, a series of events that might revert the "Enable Password Policiy" to the default for a login, or is there a particular domain level operation that might occur such as Security Polcies that would affect these settings in SQL?
No one else was on the machine when I went to check it out at 8:40 so it has left me puzzled.
Our company website runs off of Microsoft SQL Server. Someone tried changing the 'administrative' password but the way that they did it locks us out of the database.
Under Enterprise Manager there is a Security group, underneath here is a login. The person reset the password here on the login id that is the DBO for our website's database. Underneath the database in Enterprise Manager the dbo uses this login id. Where else does the password need to get reset in order for that login id to access the database? We cannot set it back to the previous password because it is unknown.
When we go to our website we get the following error: Error Executing Database Query. [Macromedia][SQLServer JDBC Driver]Error establishing socket. Connection refused: connect
Please try the following: Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option. Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem.
Browser Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Hello,What are the default login/password to access pubs and northwind databases ?I remember the login = "sa", but nothing about the password.ThanksEric
Is there a way to set up automated email notification beginning 14 days prior to when a SQL Server Login password (that has "Enforce password expiration" enabled) will expire?
i am getting bellow error Error: 18456, Severity: 14, State: 8.Login failed for user 'sa'. Reason: Password did not match that for the login provided. but no one is logging for that particular [clint :ip].this error occurring automatically. in this case in my environment log shipping is configured and the secondary database server getting this issue.when i disable the copy and restore jobs and bring the database in online. i am not getting that error .
I used to have an Access database which had tables for users, roles, actions etc.
This was used by a C++ client app (using ADO) which logged in, got the user ID and password (by raising a login dialog ) and then checked these against a user table and then assigned the roles and possible actions.
Now we have SWL Server Express 2005 - NT Authorisation - how do I get/pass the user ID to the C++ Application so it can get the associated roles? Seems silly to have 2 logins.
Better still can I do away with the App's User table or make its password column invisible to all users bar Admin and the C++ App?
Error: 18456, Severity: 14, State: 8. Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT:####] Login failed for user [sa] Error: 18456, Severity: 14, State 38
Failed to open the explicitly specified database but no one is logging for that particular [clint :ip].this error occurring automatically. in this case in my environment log shipping is configured and the secondary database server getting this issue.when i disable the copy and restore jobs and bring the database in online. i am not getting that error .
I have a stored procedure that validates a user login against a username and password field. How can I ensure case sensitivity in the stored procedure for the password field?
We have an application using SQLOLEDB connection to a SQL Server 2005 database. Per domain policy, the users are required to change their password every 60 days.
The accounts are established to 'Enforce password policy'.
When we try to execute the 'ALTER LOGIN' command to change the password, locks are being established and will not free the account without bouncing the instance.
After issuing the command, any interaction with the server using this UserID results in a "lock request time out" error 1222.
I have tried issuing this command using both the application and through SQLServer Mgmt Studio Express and the results are the same.
I have a deadlock situation, part of the problem looks like this;spid ecid dbid ObjId IndId Type Resource ModeStatus------ ------ ------ ----------- ------ ---- ---------------- -------------404 0 9 792389892 1 KEY (010086470766) SIUWAIT72 0 9 792389892 1 KEY (010086470766) SIUWAIT115 0 9 792389892 1 KEY (010086470766) SIUWAIT61 0 9 792389892 1 KEY (010086470766) ISWAIT318 0 9 792389892 1 KEY (010086470766) SIUWAIT430 0 9 1112391032 1 KEY (010086470766) XGRANTThey are key locks I am used to the resource value generally beingunique by table. I am wondering if the other 'WAIT's are indeedwaiting based on the 'unique' resource value. Note that the exclusivegrant is on a different table but, the resource rsc_text value is thesame. Looking it up I get for a key lock that it's a hashed value, myreferance tells me what is is for a non-clustered index but, does notexplain what it would be for a clustered index.Does it protect this resource based exclusively on resource rsc_text oris it unique by ObjID/Rsc_text, has anyone seen this before?Suggestions?SQL Server 2000/SP3-Chris
Hi. I have a DetailsView with Bound Fields "Login" and "Password". This informations are stored in SQL database. How to solve such authorization? How to compare password stored in database against passowrd typed by user? Is this a good idea to use CustomValidator control to write some checking procedure?. Regards. Pawel.
I currently have a login page in asp.net 2.0 linked to a SQL 2005 database table that holds the usernames and passwords. At present, I am on an "honor system" where I do have access to the passwords of the other users but would like to change it so that I cannot know what the users' passwords are. Thank goodness that there is no personal information within the pages and the logins were created to keep a log of who logs in and what not. However, I would like to soon hold more personlized information, hence the need to encrypt each user's password even from myself. I have read up on Symmetric Encryption for SQL 2005 but I would like to know if there is anything else available, any good proven methods that someone else has already tried. Also, while testing out Symmetric Encryption, I noticed that I have to supply the encryption password for the decryption. However, if I know what the password for the encryption/decription is, does it not defeat the purpose of having the encryption at all, in terms of the "Admin" having access to sensitive information? Just curious if I understood the concept correctly or not. Thanks in advance to all.
I have an application which uses a login with an encrypted password. Everything works well, no errors in the application. My SQL Server errorlogs keeps recording:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
I know this message is related to the login with the encrypted password (tracked it with Profiler) My question: Is it normal that the error log tracks this message because the password is encrypted?
hi i have created a username and a password in sqlserver 2000 from logins in Enterprise manager and i permit him to the database i need to connect to .. and i check all server roles for that user and i make sqlserver authentication for him with a password and then i goto the udl file to connect to that database using that user it fails !! and says
"login failed for that user 'myusername' reason not associated with a trusted sqlserver connection"
while i use NT integrated security it works well so how can i connect to sqlserver using a username and a password
