T-SQL (SS2K8) :: Is Comparison Of Hash Passwords Happens At Client Or DB Level

Jun 18, 2014

I was told that the authentication is a process that concerns about security. So the authentication process should be hidden from the client as possible and the client should receive a flag value (1= password is correct and authenticated, -1= incorrect password) and/or user name of the authenticated user. So it should be a SQL operation that should occur in the back end. So the process in detail should be, client form sends user name and hashed /encrypted password to SQL, SQL authenticates and it sends 1/-1 with the user name to the client as the return value and the output.

But when i do research that was not the case, all the threads i have seen on web, either the app is windows or web, developers do two operations:

1. the salt value of the user is searched by user name then return the salt value along with the PasswordHash to the client form / or to the business layer

2. Then use the entered password and the returned salt value to generate a PasswordHash and then compare this passwordHash with the returned passwordHash. if match password is correct if not password is incorrect.

Is this actually how developers write code to authenticate a user in a login event? If so basically the password comparison happens at the client side(either in the form or in the business layer) then wouldn't this be huge security risk by exposing the actual salt and passwordHash to the client?

View 5 Replies


ADVERTISEMENT

One-way Hash + E-commerce Passwords

May 8, 2008

Hiya,

I am wondering, in theory, how I would use a typical one-way hash function to protect customer password on my website server (which is a small e-commerce server)?

TRhanks MSDN, as always!

View 3 Replies View Related

T-SQL (SS2K8) :: Comparison Of Times In Same Field

Sep 22, 2015

I'm looking for comparing times in the same field. I have two tables, one table has times of sessions (multiple rows) and the other contains the session ID, start & end times of overall session block and each session length. I am looking for a way to compare from the start of the session until the end all the times sequentially and insert or mark all the sessions that fall between 10 min intervals.

i.e start 10:30 compare to 10:35 (no match), 10:30 to 10:40 (match 10:40 becomes new effective date), 10:40 to 10:45 (no match), 10:40 to 10:50 (match 10:50 new effective date).

I've attempted a couple of self join solutions but simply can't seem to get what I'm after.

CREATE TABLE MyTable (
[id] INT identity NOT NULL,
[sess_id] INT NOT NULL,
[Time] datetime NOT NULL
)
GO

[Code] .....

View 6 Replies View Related

T-SQL (SS2K8) :: Using A Date Comparison In A Case Statement?

Mar 19, 2015

I am trying to use a date comparison in a statement using the year statement as well. Here is what I have:

Case [LastHireDate]
When YEAR([LastHireDate]) < Year(@EndYearlyDate) then '12'
When Month([LastHireDate]) = '1' then '12'
When Month([LastHireDate]) = '2' then '11'
When Month([LastHireDate]) = '3' then '10'
When Month([LastHireDate]) = '4' then '9'

[Code] ....

When I am looking at it [LastHireDate] is showing that red line underneath. The < symbol has a red line and @EndYearlyDate has a red line. I can not seem to get them to clear and am, wondering what I am missing. When I execute the error comes up that it does not like the < sign in there.

Here is the full piece that the Case resides in:

Insert _Test
SELECT
EmpNo,
PersonIdNo,
REPLACE(PersonTaxIdNo,'-',''),
LastName,
FirstName,

[code]......

View 3 Replies View Related

T-SQL (SS2K8) :: Comparison In The Merge Statement About Null Values?

Aug 22, 2012

I use the merge statement in a sproc to insert, update and delete records from a staging table to a production table.

In the long sql, here is a part of it,

When Matched and

((Student.SchoolID <> esis.SchoolID
OR
Student.GradeLevel <> esis.GradeLevel
OR
Student.LegalName <> esis.LegalName
OR
Student.WithdrawDate <> esis.WithdrawDate
Student.SPEDFlag <> esis.SPEDFlag
OR
Student.MailingAddress <> esis.MailingAddress)

Then update

Set Student.Schoolid=esis.schoolid,
.....

My question is how about if the column has null values in it.for example

if schoolID is null in production table is null, but in staging table is not null, will the <> return true.or if either side of <> has a null value, will it return true.

I don't want it to omit some records and causing the students records not get updated.If not return true, how to fix this?

View 9 Replies View Related

SQL 2005 Passwords, Can It Be Configured To Accept Case-insensitive Passwords???

Jul 7, 2006

Users were able tolog on to our SQL 2000 servers with their passwords being case-insensitive.

Now with SQL 2005 some users can't logon because SQL 2005 passwords are case-sensitive.

Can SQL 2005 be configured so that passwords are NOT case sensitive???

Thanks!

View 6 Replies View Related

T-SQL (SS2K8) :: Combining Result In Column Level

May 14, 2014

Below is my sample table and data

With Item as(
Select 1 as ItemId,'ItemName1' as ItemName,100 as position union all
Select 2 as ItemId,'ItemName2' as ItemName,200 as position union all
Select 3 as ItemId,'ItemName3' as ItemName,300 as position union all
Select 4 as ItemId,'ItemName4' as ItemName,400 as position union all
Select 5 as ItemId,'ItemName5' as ItemName,500 as position union all
Select 6 as ItemId,'ItemName6' as ItemName,600 as position union all
Select 7 as ItemId,'ItemName7' as ItemName,700 as position),

Mapping as (
Select 1 as Parent, 2 as child union all
Select 1 as Parent, 3 as child union all
Select 1 as Parent, 4 as child union all
Select 5 as Parent, 6 as child union all
Select 5 as Parent, 7 as child )Expected Result:

ParentItemIdParentItemNameParentpositionChildItemIdChildItemNameChildposition
1ItemName11002ItemName2200
1ItemName11003ItemName3300
1ItemName11004ItemName4400
5ItemName55006ItemName6600
5ItemName55007ItemName7700

I was thinking to achieve using union all but if i use union all it will combine the result in rows level. but i need in column level.

View 5 Replies View Related

T-SQL (SS2K8) :: Cannot Access Server From Client App?

Jan 26, 2015

I have a C# windows app trying to access database based the connection string stored in teh app.config file

Here is my app.config parameters

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="con1" connectionString="data Source=127.0.0.1sinclair;initial catalog=kingsroad;uid=balrock;pwd=123456;integrated security=True" />

</connectionStrings>
</configuration>

The reason I want to put an ip address on connection string i just want to create connection strings as people do in their work. When the app tried access the connection string it gives the error in the attachment.

Because I haven't used this user/password for a long time I'm pretty sure the user name and password is correct but i have the following questions

1. Assume the user and password is incorrect, is there way to reset this?
2. what other configuration that i need to do in order to make teh C# app access this Database?

View 2 Replies View Related

T-SQL (SS2K8) :: How To Create Login For Client App

Jan 30, 2015

I have a client application written from C#/winforms app that needs access SQL DB on SQL server 2008 R2 developer. So I need to create a Login for this app with a user/password. But when i created it and put it on the client's connection string, the DB could not be accessed by the client windows forms app and the error was "Login failed for User App1".

Then I tried to login to SQL server from SSMS using the credentials of App1 but it also gave same error "Login failed for user App1". I have following the following steps of creation of the login for App1. i could login from "sa" account and other Admin accounts but not from "App1" account

1. created a server level Login
2. created a DB level user
3. created a Role (a DB role), i even tried creating an App Role
4. given permission to execute stored procedures that handle login

But didn't work. Maybe i made some mistakes in those step. So, how to create an account for user "App1" so it can be accessed by the client windows app and also from SSMS? i would prefer to use account creation from SSMS GUI.

How do i install SQL server 2008R2 in local machine with network accessibility features?

View 1 Replies View Related

T-SQL (SS2K8) :: Export Data To Client Remote Desktop?

Feb 26, 2015

I need to write a stored procedure or SSIS to export data to client's desktop. What is the best way to achieve it?

The requirement is to develop a web application the client can click on the button and the file will be saved to the clients' local C drive.

How should I configure the destination path here?

View 3 Replies View Related

T-SQL (SS2K8) :: Date Comparison In Two Table By Returning Nearest Date Of Table A In Table B

Jun 9, 2014

I am having a problem in creating query for this exciting scenario.

Table A

ID ItemQtyCreatedDatetime
W001 CB112014-06-03 20:30:48.000
W002 CB112014-06-04 01:30:48.000

Table B

IDItemQtyCreatedDatetime
A001 CB112014-06-03 19:05:48.000
A002 CB112014-06-03 20:05:48.000
A003 CB112014-06-03 21:05:48.000
A004 CB112014-06-04 01:05:48.000
A005 CB112014-06-04 02:05:48.000

I would like to return the nearest date of Table B in my table like for

ID W001 in table B should return ID A002 CreatedDatetime: 2014-06-03 20:05:48.000
ID W002 in table B should return ID A004 CreatedDatetime: 2014-06-04 01:05:48.000

View 3 Replies View Related

Hash In RS

Apr 5, 2007

Hi,

I need to take the Social Security number and hash it into a unique identifier because I can't display Social Security numbers on a report.

Does Reporting Services have any encrypting/hashing routines that I can use?

Any suggestions?

Thanks.

View 2 Replies View Related

Column Level Or Database Level Encryption/decryption....

Jan 16, 2008

I want to perform column level and database level encryption/decryption....
Does any body have that code written in C# or VB.NET for AES-128, AES-192, AES-256  algorithms...
I have got code for single string... but i want to encrypt/decrypt columns and sometimes the whole database...
Can anybody help me out...
If you have Store procedure in SQL for the same then also it ll do...
Thanks in advance

View 1 Replies View Related

High Level &&amp; Detail Level Design Documents

Nov 19, 2007



Hi,
AM in need of SSRS 2005 design documents for a project purpose. Can somebody let me know where can i find these documents? Thanks in advance

View 1 Replies View Related

Hash Function In SQL

Jun 7, 2008

Hello,
I would like use hash function from C# in my SQL procedure. But I don't know how.
Martina

View 4 Replies View Related

Password Hash

Jul 20, 2005

It seems like there is no built in procedure for making a password hash inSQL2000. Am I wrong.Do I have to make it from scratch myself or is there samples out there?/Jens Ulrik

View 3 Replies View Related

How To Create Hash?

Mar 12, 2008

Hi!

I want to know wether SQL Server 2005 (that I use) has a built in support for creating MD5 hashes and if it has then can someone give me an example how to use it.

I need to create hash of image field and then compare it to another one that has been sent from application. The hash from my app is sent as string so it would be great if the hash result would be returned as 32 character string

The Software is wrintten in visual basic .net 2005 and it has a built in MD5 hash function so I have taken care of that part.

P.S. If SQL Server 2005 doesn support MD5 maybe someone know other hash alghoritms that Server does support (maybe one that also is supperoted by VB.NET 2005).

View 6 Replies View Related

Need Example Of A Hash Function.....

Aug 17, 2006

Many articles on sql server security make reference to Hash functions. Do you know of a simple example of a hash function that I could show to others?

For example, would taking the first eight bytes of the mathematical "sin" of a number be a good function? I don't know. Or is a hash "function" actually an involved algorithm, so the "simple" formula I was looking for really doesn't exist.

TIA,

Barkingdog



View 6 Replies View Related

Hash Structure In T-SQL

Apr 17, 2007



Do we have a hash structure in t-sql ? I want that a stored procedure accept a hash table as input (which contains 'column names => new_value' as keys and values). A small piece of code demonstrating the use can be useful.

View 4 Replies View Related

Hash Buckets (sp_configure)

May 15, 2000

Hi, I've been through Books Online, Technet, MSN and the archives on this site trying to get a difinite answer on this. Everything except Technet indicates a maximum configurable value of 265003. However in Technet, it says that if you are running the enterprise edition with more than 2GB of memory that you can configure this to a much higher number (their example is 700000). Using the calculation involving memory, and based on several dozen performance tests, we would like to set our value to around 666000 (using the prime number of course). However we cannot get SQL to accept any value over the default maximum.

Is Technet wrong? Are we missing something? I cant find any reference other than in Technet on being able to use the higher number.

Thanks in advance,
Chris

View 1 Replies View Related

Different MD5 Hash For Identical Records

Apr 8, 2008


I have implemented a script to perform a MD5 hash on each row processed by the SSIS package so that it can be compared with a stored value to see if there has been a change in the record. This package processes over 1 million rows. In 12 of these rows I get a hash value that is different than the stored value despite the fact that the rows "look" identical. Curious about this, I used the both the CheckSum and Binary_Checksum feature from t-sql to check the rows and they both show the identical checksum value. I have exported the rows into text and did a compare and the records are identical. I assume there must be some hidden characters that is causing the hash to be different, has anyone else run into this issue? Any help is much appreciated.

View 5 Replies View Related

Compare String To Hash Value

Mar 30, 2007

Ok, here is what i'm trying to do and its driving me nuts.



ok,



1) I have a proc that runs and needs to validate the user prior to running - this proc is called from an hand held device

2) the id and password are being passed as "clear text" but the password is stored in the database table hashed.





Is there anything on the db side that can get the hash value from the password column of the aspnet_membership table and compare it to the password being passed in to this proc? I have suggested several options to the handheld developer but nothing. This has to be done on the database side.



so,

username and password are passed to proc from handheld.

proc needs to validate ther user in the aspnet_membership table

if user id and password are valid execute the stored procedure





is this possible? if so can ANYONE point me to some examples of this being done?

View 4 Replies View Related

Hash Join In SSIS…why Not

Jan 29, 2008

In my example I join two tables DimCustomer and FactInterSales from AdventureWorksDW database
In T-SQL it's simply query



Code Snippet
select a.CustomerKey,
a.FirstName,
b.SalesOrderNumber
from AdventureWorksDw.dbo.DimCustomer a,
AdventureWorksDw.dbo.FactInternetSales b
where a.CustomerKey=b.CustomerKey





In SSIS it's simple task too
€˜As input two queries stored in variable ADO.Recordset




Code Snippet
Public Sub Main()

Dim SrcAd As New OleDbDataAdapter
Dim SrcA As New Data.DataTable("DimCustomer")
Dim SrcB As New Data.DataTable("FactInterSale")
Dim DstC As New Data.DataTable("Output")

Dim TabA As New Hashtable()

SrcAd.Fill(SrcB, Dts.Variables("varFactInternetSales").Value)
SrcAd.Fill(SrcA, Dts.Variables("varDimCustomer").Value)

€˜ create destination product
Dim col01 As DataColumn = New DataColumn("CustomerKey")
col01.DataType = System.Type.GetType("System.Int32")
DstC.Columns.Add(col01)
Dim col02 As DataColumn = New DataColumn("FirstName")
col02.DataType = System.Type.GetType("System.String")
DstC.Columns.Add(col02)
Dim col03 As DataColumn = New DataColumn("SalesOrderNumber")
col03.DataType = System.Type.GetType("System.String")
DstC.Columns.Add(col03)

€˜ populate hash table based on PrimaryKey
For Each row As DataRow In SrcA.Rows
TabA.Add(row.Item("CustomerKey").GetHashCode(), row)
Next (row)

Dim myNewRow As DataRow
Dim tmpRow As DataRow

€˜ make hash join
For Each row As DataRow In SrcB.Rows

tmpRow = CType(TabA(row.Item("CustomerKey").GetHashCode()), DataRow)
myNewRow = DstC.NewRow()
myNewRow("CustomerKey") = tmpRow.Item("CustomerKey")
myNewRow("FirstName") = tmpRow.Item("FirstName")
myNewRow("SalesOrderNumber") = row.Item("SalesOrderNumber")
DstC.Rows.Add(myNewRow)
Next (row)

€˜ write DataTable in SSIS variable for other processing
Dts.Variables("varOutput").Value = DstC
Dts.TaskResult = Dts.Results.Success
End Sub





View 4 Replies View Related

Hash Bucket Setting For Server With 1 Gig Of RAM ?

Aug 6, 2001

View 3 Replies View Related

SQL 2012 :: Hash On A Column In Table

Nov 4, 2015

Here what I want to accomplish, I have table that has 15 column one of the columns is ClientID that is about max 45char. I want to be able to hash on the column and return the hash value in a new column call ClientID_Hash. Is this possible?

View 2 Replies View Related

Drop Primary Key Constraint Of (#) Hash

Jul 20, 2005

Hi there,I have created a hash table. After using it, somehow the primary keyconstraint of this hash table still exist in database. Which causeerror.When I delete this constraint with Alter table Drop con....It gives no table exist error.Can anybody give any idea.Thanks in Adv.,T.S.Negi

View 2 Replies View Related

Nested Loop Vs. Hash Match?

Dec 20, 2007

I have two queries that seem to be the same, but perform very differently. The first query runs very fast (7000+ records returned in <1 sec.). The execution plan shows that it uses a nested loop with index seeks on both tables.

select *
from t_loadbasic

where ld_nbr in (select ld_nbr from t_tripcombined where comp_date between '11/1/07' and '11/05/07')



The second query is almost the same, save the fact that it uses date variables instead of hard dates. The execution plan shows that it uses a hash match instead of a nested loop with an index scan on the main table (t_loadbasic). This query takes about 12 seconds to run.


declare @startdate datetime


,@enddate datetime


set @startdate = '11/1/07'

set @enddate = '11/5/07'


select *
from t_loadbasic

where ld_nbr in (select ld_nbr from t_tripcombined where comp_date between @startdate and @enddate)

I'm trying to figure out why the database executes these two statements so differently. BTW, I've tried switching the order of the tables. I've tried using joins instead of a subquery. The execution plan seems completely dependant on the use of variables. I can attach the execution plans if necessary.

I apologize if this is too simple a question, but I couldn't find an answer on any forums, web searches or BOL. Thanks in adavance.

View 1 Replies View Related

Example Of Merge ,hash And Nested Join

Jun 21, 2006

Could Any body Please give me one example of each of three types of joins that is
Merge Join
Hash Join
Nested join

View 5 Replies View Related

CHECKSUM , Produces Same Hash For Two Different Inputs. Is This Right?

Jul 25, 2007

Hi,

We are using binary_checksum in some of instead of update trigger. The problem came into the knowledge when update falied without raising any error. We came to know after research that checksum returns same number for two different inputs and thats why update failed.

We are using following type of inside the trigger.



UPDATE [dbo].[Hospital]

SET

[HospitalID]= I.[HospitalID],

[Name]= I.[Name],

[HospitalNumber]= I.[HospitalNumber],

[ServerName] = I.[ServerName],

[IsAuthorized]= I.[IsAuthorized],

[IsAlertEnabled]= I.[IsAlertEnabled],

[AlertStartDate]= I.[AlertStartDate],

[AlertEndDate]= I.[AlertEndDate],

[IsTraining]= I.[IsTraining],

[TestMessageInterval]= I.[TestMessageInterval],

[DelayAlertTime]= I.[DelayAlertTime],

[IsDelayMessageAlert]= I.[IsDelayMessageAlert],

[IsTestMessageAlert]= I.[IsTestMessageAlert],

[IsUnAuthorizedMessageAlert]= I.[IsUnAuthorizedMessageAlert],

[IsWANDownAlert]= I.[IsWANDownAlert],

[IsWANUpAlert]= I.[IsWANUpAlert],

[CreateUserID]= Hospital.[CreateUserID],

[CreateWorkstationID]= Hospital.[CreateWorkstationID],

[CreateDate]= Hospital.[CreateDate] ,

/* record created date is never updated */

[ChangeUserID]= suser_name(),

[ChangeWorkstationID]= host_name(),

[ChangeDate]= getdate() ,

/* Updating the record modified field to now */

[CTSServerID]= I.[CTSServerID]

FROM inserted i

WHERE

i.[HospitalID]= Hospital.[HospitalID]

AND binary_checksum(

Hospital.[HospitalID],

Hospital.[Name],

Hospital.[HospitalNumber],

Hospital.[ServerName],

Hospital.[IsAuthorized],

Hospital.[IsAlertEnabled],

Hospital.[AlertStartDate],

Hospital.[AlertEndDate],

Hospital.[IsTraining],

Hospital.[TestMessageInterval],

Hospital.[DelayAlertTime],

Hospital.[IsDelayMessageAlert],

Hospital.[IsTestMessageAlert],

Hospital.[IsUnAuthorizedMessageAlert],

Hospital.[IsWANDownAlert],

Hospital.[IsWANUpAlert]) !=

binary_checksum(

I.[HospitalID],

I.[Name],

I.[HospitalNumber],

I.[ServerName],

I.[IsAuthorized],

I.[IsAlertEnabled],

I.[AlertStartDate],

I.[AlertEndDate],

I.[IsTraining],

I.[TestMessageInterval],

I.[DelayAlertTime],

I.[IsDelayMessageAlert],

I.[IsTestMessageAlert],

I.[IsUnAuthorizedMessageAlert],

I.[IsWANDownAlert],

I.[IsWANUpAlert]) ;





Here is the checksum example which produces same results for two different input.





DECLARE @V1 VARCHAR(10)

DECLARE @V2 VARCHAR(10)

SELECT @V1 = NULL, @V2=NULL

SELECT binary_checksum('KKK','San Jose','1418','1418SVR ',0,1,@V1,@V2,0,30,180,1,0,1,1,1),

binary_checksum('KKK','San Jose','1418','1418SVR ',1,1,@V1,@V2,0,30,180,1,1,1,1,1)



Lookat the two binary_checksum above, they are different and should not match, but they both return same value.



Can someone please provide some info on these.

View 4 Replies View Related

ForEach Loop - Getting MD5 Hash Of File

Nov 11, 2006

Hi Guys,

I'm importing logs from multiple servers from CSV format into a table. Inside the loop the 1st thing I do is insert the FileName into a table to ensure that I never process the same file twice.

The problem is that multiple servers produce the same filename, so if server A produces Log20061110.csv - when I import the log from server B ( also called Log20061110.csv ) into the table, it of course runs into a problem.

If there was some way for me to get an MD5 Hash of the file as a variable that would be solve my problem.

Does anyone know how I could accomplish that?

Thanks
Warrick

View 2 Replies View Related

SQL 2012 :: Contained Users Password Hash

Mar 13, 2014

I would like to perform an audit of weak passwords, which is well documented for sql users. Using the same methodology, I should be able to audit weak passwords for contained users. To accomplish this, I must be able to find the location of the password hashes for the contained users.

I have looked at sys.syslogins and sys.sql_logins, which both have the password hash for server level users, but not contained users. I was able to find sys.sysusers, which does contain contained users, but no password hash.

What is the location of the password hashes for contained users?

View 0 Replies View Related

SQL 2012 :: Hash Deleted And Auto-increment ID By 2 Not 1?

Sep 15, 2014

When I have a record that I copy and paste (Access 2010 datasheet view) into a new record with one column having a unique constraint , I display message "Cannot insert duplicate code" then if not all values in the record are inserted , I get a #deleted in all columns Refreshing , I find that the id is incremented by 2 instead of one.

That is if the previous record has ID 20 , the #deleted record has ID 22 .

avoid the #deleted which happens if not all columns are filled.

View 9 Replies View Related

User Password Hash Algorithm And Salt Value

Sep 22, 2014

How to find hash algorithm and salt value for sql logins in sql server 2005.

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved