T-SQL (SS2K8) :: Is Comparison Of Hash Passwords Happens At Client Or DB Level
Jun 18, 2014
I was told that authentication is a process that concerns security. So the authentication process should be hidden from the client as much as possible and the client should receive a flag value (1 = password is correct and authenticated, -1 = incorrect password) and/or the user name of the authenticated user. So it should be a SQL operation that occurs in the back end. So the process in detail should be: the client form sends the user name and hashed/encrypted password to SQL, SQL authenticates, and it sends 1/-1 with the user name to the client as the return value and the output.
But when I did research, that was not the case. In all the threads I have seen on the web, whether the app is Windows or web, developers do two operations:
1. The salt value of the user is looked up by user name, then the salt value is returned along with the PasswordHash to the client form or to the business layer.
2. Then the entered password and the returned salt value are used to generate a PasswordHash, which is then compared with the returned PasswordHash. If they match, the password is correct; if not, the password is incorrect.
Is this actually how developers write code to authenticate a user in a login event? If so, basically the password comparison happens at the client side (either in the form or in the business layer), so wouldn't this be a huge security risk by exposing the actual salt and PasswordHash to the client?
May 8, 2008
Hiya,
I am wondering, in theory, how I would use a typical one-way hash function to protect customer password on my website server (which is a small e-commerce server)?
Thanks MSDN, as always!
Sep 22, 2015
I'm looking for comparing times in the same field. I have two tables, one table has times of sessions (multiple rows) and the other contains the session ID, start & end times of overall session block and each session length. I am looking for a way to compare from the start of the session until the end all the times sequentially and insert or mark all the sessions that fall between 10 min intervals.
i.e start 10:30 compare to 10:35 (no match), 10:30 to 10:40 (match 10:40 becomes new effective date), 10:40 to 10:45 (no match), 10:40 to 10:50 (match 10:50 new effective date).
I've attempted a couple of self join solutions but simply can't seem to get what I'm after.
CREATE TABLE MyTable (
[id] INT identity NOT NULL,
[sess_id] INT NOT NULL,
[Time] datetime NOT NULL
)
GO
[Code] .....
Mar 19, 2015
I am trying to use a date comparison in a statement using the year statement as well. Here is what I have:
Case [LastHireDate]
When YEAR([LastHireDate]) < Year(@EndYearlyDate) then '12'
When Month([LastHireDate]) = '1' then '12'
When Month([LastHireDate]) = '2' then '11'
When Month([LastHireDate]) = '3' then '10'
When Month([LastHireDate]) = '4' then '9'
[Code] ....
When I am looking at it, [LastHireDate] is showing that red line underneath. The < symbol has a red line and @EndYearlyDate has a red line. I cannot seem to get them to clear and am wondering what I am missing. When I execute, the error comes up that it does not like the < sign in there.
Here is the full piece that the Case resides in:
Insert _Test
SELECT
EmpNo,
PersonIdNo,
REPLACE(PersonTaxIdNo,'-',''),
LastName,
FirstName,
[code]......
Aug 22, 2012
I use the merge statement in a sproc to insert, update and delete records from a staging table to a production table.
In the long sql, here is a part of it,
When Matched and
((Student.SchoolID <> esis.SchoolID
OR
Student.GradeLevel <> esis.GradeLevel
OR
Student.LegalName <> esis.LegalName
OR
Student.WithdrawDate <> esis.WithdrawDate
OR
Student.SPEDFlag <> esis.SPEDFlag
OR
Student.MailingAddress <> esis.MailingAddress))
Then update
Set Student.Schoolid=esis.schoolid,
.....
My question is: how about if the column has null values in it? For example,
if schoolID in the production table is null, but in the staging table is not null, will the <> return true? Or if either side of <> has a null value, will it return true?
I don't want it to omit some records and cause the students' records to not get updated. If it does not return true, how do I fix this?
Jul 7, 2006
Users were able to log on to our SQL 2000 servers with their passwords being case-insensitive.
Now with SQL 2005 some users can't logon because SQL 2005 passwords are case-sensitive.
Can SQL 2005 be configured so that passwords are NOT case sensitive???
Thanks!
May 14, 2014
Below is my sample table and data
With Item as(
Select 1 as ItemId,'ItemName1' as ItemName,100 as position union all
Select 2 as ItemId,'ItemName2' as ItemName,200 as position union all
Select 3 as ItemId,'ItemName3' as ItemName,300 as position union all
Select 4 as ItemId,'ItemName4' as ItemName,400 as position union all
Select 5 as ItemId,'ItemName5' as ItemName,500 as position union all
Select 6 as ItemId,'ItemName6' as ItemName,600 as position union all
Select 7 as ItemId,'ItemName7' as ItemName,700 as position),
Mapping as (
Select 1 as Parent, 2 as child union all
Select 1 as Parent, 3 as child union all
Select 1 as Parent, 4 as child union all
Select 5 as Parent, 6 as child union all
Select 5 as Parent, 7 as child )
Expected Result:
ParentItemId  ParentItemName  Parentposition  ChildItemId  ChildItemName  Childposition
1             ItemName1       100             2            ItemName2      200
1             ItemName1       100             3            ItemName3      300
1             ItemName1       100             4            ItemName4      400
5             ItemName5       500             6            ItemName6      600
5             ItemName5       500             7            ItemName7      700
I was thinking to achieve this using union all, but if I use union all it will combine the result at row level, but I need it at column level.
Jan 26, 2015
I have a C# Windows app trying to access a database based on the connection string stored in the app.config file
Here is my app.config parameters
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="con1" connectionString="data Source=127.0.0.1sinclair;initial catalog=kingsroad;uid=balrock;pwd=123456;integrated security=True" />
</connectionStrings>
</configuration>
The reason I want to put an IP address in the connection string is that I just want to create connection strings as people do in their work. When the app tried to access the connection string, it gave the error in the attachment.
Because I haven't used this user/password for a long time, I'm pretty sure the user name and password are correct, but I have the following questions:
1. Assuming the user and password are incorrect, is there a way to reset this?
2. What other configuration do I need to do in order to make the C# app access this database?
Jan 30, 2015
I have a client application written as a C#/WinForms app that needs to access a SQL DB on SQL Server 2008 R2 Developer. So I need to create a login for this app with a user/password. But when I created it and put it in the client's connection string, the DB could not be accessed by the client Windows Forms app and the error was "Login failed for User App1".
Then I tried to log in to SQL Server from SSMS using the credentials of App1, but it also gave the same error "Login failed for user App1". I have followed the following steps for creation of the login for App1. I could log in from the "sa" account and other Admin accounts but not from the "App1" account.
1. created a server level Login
2. created a DB level user
3. created a Role (a DB role), i even tried creating an App Role
4. given permission to execute stored procedures that handle login
But it didn't work. Maybe I made some mistakes in those steps. So, how do I create an account for user "App1" so it can be accessed by the client Windows app and also from SSMS? I would prefer to use account creation from the SSMS GUI.
How do I install SQL Server 2008 R2 on a local machine with network accessibility features?
Feb 26, 2015
I need to write a stored procedure or SSIS to export data to client's desktop. What is the best way to achieve it?
The requirement is to develop a web application the client can click on the button and the file will be saved to the clients' local C drive.
How should I configure the destination path here?
Jun 9, 2014
I am having a problem in creating query for this exciting scenario.
Table A
ID    ItemQty  CreatedDatetime
W001  CB11     2014-06-03 20:30:48.000
W002  CB11     2014-06-04 01:30:48.000
Table B
ID    ItemQty  CreatedDatetime
A001  CB11     2014-06-03 19:05:48.000
A002  CB11     2014-06-03 20:05:48.000
A003  CB11     2014-06-03 21:05:48.000
A004  CB11     2014-06-04 01:05:48.000
A005  CB11     2014-06-04 02:05:48.000
I would like to return the nearest date of Table B in my table like for
ID W001 in table B should return ID A002 CreatedDatetime: 2014-06-03 20:05:48.000
ID W002 in table B should return ID A004 CreatedDatetime: 2014-06-04 01:05:48.000
Apr 5, 2007
Hi,
I need to take the Social Security number and hash it into a unique identifier because I can't display Social Security numbers on a report.
Does Reporting Services have any encrypting/hashing routines that I can use?
Any suggestions?
Thanks.
Jan 16, 2008
I want to perform column level and database level encryption/decryption....
Does anybody have that code written in C# or VB.NET for AES-128, AES-192, AES-256 algorithms...
I have got code for a single string... but I want to encrypt/decrypt columns and sometimes the whole database...
Can anybody help me out...
If you have a stored procedure in SQL for the same then that will also do...
Thanks in advance
Nov 19, 2007
Hi,
Am in need of SSRS 2005 design documents for a project purpose. Can somebody let me know where I can find these documents? Thanks in advance
Jun 7, 2008
Hello,
I would like use hash function from C# in my SQL procedure. But I don't know how.
Martina
Jul 20, 2005
It seems like there is no built in procedure for making a password hash in SQL2000. Am I wrong? Do I have to make it from scratch myself or are there samples out there?
/Jens Ulrik
Mar 12, 2008
Hi!
I want to know whether SQL Server 2005 (that I use) has built-in support for creating MD5 hashes, and if it has, can someone give me an example of how to use it?
I need to create a hash of an image field and then compare it to another one that has been sent from the application. The hash from my app is sent as a string, so it would be great if the hash result would be returned as a 32 character string.
The software is written in Visual Basic .NET 2005 and it has a built-in MD5 hash function, so I have taken care of that part.
P.S. If SQL Server 2005 doesn't support MD5, maybe someone knows other hash algorithms that the server does support (maybe one that is also supported by VB.NET 2005).
Aug 17, 2006
Many articles on sql server security make reference to Hash functions. Do you know of a simple example of a hash function that I could show to others?
For example, would taking the first eight bytes of the mathematical "sin" of a number be a good function? I don't know. Or is a hash "function" actually an involved algorithm, so the "simple" formula I was looking for really doesn't exist.
TIA,
Barkingdog
Apr 17, 2007
Do we have a hash structure in t-sql ? I want that a stored procedure accept a hash table as input (which contains 'column names => new_value' as keys and values). A small piece of code demonstrating the use can be useful.
May 15, 2000
Hi, I've been through Books Online, Technet, MSN and the archives on this site trying to get a definite answer on this. Everything except Technet indicates a maximum configurable value of 265003. However in Technet, it says that if you are running the enterprise edition with more than 2GB of memory that you can configure this to a much higher number (their example is 700000). Using the calculation involving memory, and based on several dozen performance tests, we would like to set our value to around 666000 (using the prime number of course). However we cannot get SQL to accept any value over the default maximum.
Is Technet wrong? Are we missing something? I can't find any reference other than in Technet on being able to use the higher number.
Thanks in advance,
Chris
Apr 8, 2008
I have implemented a script to perform an MD5 hash on each row processed by the SSIS package so that it can be compared with a stored value to see if there has been a change in the record. This package processes over 1 million rows. In 12 of these rows I get a hash value that is different from the stored value despite the fact that the rows "look" identical. Curious about this, I used both the CheckSum and Binary_Checksum features from T-SQL to check the rows and they both show the identical checksum value. I have exported the rows into text and did a compare and the records are identical. I assume there must be some hidden characters that are causing the hash to be different. Has anyone else run into this issue? Any help is much appreciated.
Mar 30, 2007
Ok, here is what I'm trying to do and it's driving me nuts.
ok,
1) I have a proc that runs and needs to validate the user prior to running - this proc is called from a handheld device
2) the id and password are being passed as "clear text" but the password is stored in the database table hashed.
Is there anything on the db side that can get the hash value from the password column of the aspnet_membership table and compare it to the password being passed in to this proc? I have suggested several options to the handheld developer but nothing. This has to be done on the database side.
so,
username and password are passed to proc from handheld.
proc needs to validate the user in the aspnet_membership table
if user id and password are valid execute the stored procedure
is this possible? if so can ANYONE point me to some examples of this being done?
Jan 29, 2008
In my example I join two tables DimCustomer and FactInterSales from AdventureWorksDW database
In T-SQL it's simply query
select a.CustomerKey,
a.FirstName,
b.SalesOrderNumber
from AdventureWorksDw.dbo.DimCustomer a,
AdventureWorksDw.dbo.FactInternetSales b
where a.CustomerKey=b.CustomerKey
In SSIS it's simple task too
'As input two queries stored in variable ADO.Recordset
Public Sub Main()
Dim SrcAd As New OleDbDataAdapter
Dim SrcA As New Data.DataTable("DimCustomer")
Dim SrcB As New Data.DataTable("FactInterSale")
Dim DstC As New Data.DataTable("Output")
Dim TabA As New Hashtable()
SrcAd.Fill(SrcB, Dts.Variables("varFactInternetSales").Value)
SrcAd.Fill(SrcA, Dts.Variables("varDimCustomer").Value)
' create destination product
Dim col01 As DataColumn = New DataColumn("CustomerKey")
col01.DataType = System.Type.GetType("System.Int32")
DstC.Columns.Add(col01)
Dim col02 As DataColumn = New DataColumn("FirstName")
col02.DataType = System.Type.GetType("System.String")
DstC.Columns.Add(col02)
Dim col03 As DataColumn = New DataColumn("SalesOrderNumber")
col03.DataType = System.Type.GetType("System.String")
DstC.Columns.Add(col03)
' populate hash table based on PrimaryKey
For Each row As DataRow In SrcA.Rows
TabA.Add(row.Item("CustomerKey").GetHashCode(), row)
Next (row)
Dim myNewRow As DataRow
Dim tmpRow As DataRow
' make hash join
For Each row As DataRow In SrcB.Rows
tmpRow = CType(TabA(row.Item("CustomerKey").GetHashCode()), DataRow)
myNewRow = DstC.NewRow()
myNewRow("CustomerKey") = tmpRow.Item("CustomerKey")
myNewRow("FirstName") = tmpRow.Item("FirstName")
myNewRow("SalesOrderNumber") = row.Item("SalesOrderNumber")
DstC.Rows.Add(myNewRow)
Next (row)
' write DataTable in SSIS variable for other processing
Dts.Variables("varOutput").Value = DstC
Dts.TaskResult = Dts.Results.Success
End Sub
Nov 4, 2015
Here is what I want to accomplish: I have a table that has 15 columns, one of which is ClientID, which is about max 45 char. I want to be able to hash on the column and return the hash value in a new column called ClientID_Hash. Is this possible?
Jul 20, 2005
Hi there,
I have created a hash table. After using it, somehow the primary key constraint of this hash table still exists in the database, which causes an error.
When I delete this constraint with Alter table Drop con.... it gives a no table exist error.
Can anybody give any idea?
Thanks in Adv.,
T.S.Negi
Dec 20, 2007
I have two queries that seem to be the same, but perform very differently. The first query runs very fast (7000+ records returned in <1 sec.). The execution plan shows that it uses a nested loop with index seeks on both tables.
select *
from t_loadbasic
where ld_nbr in (select ld_nbr from t_tripcombined where comp_date between '11/1/07' and '11/05/07')
The second query is almost the same, save the fact that it uses date variables instead of hard dates. The execution plan shows that it uses a hash match instead of a nested loop with an index scan on the main table (t_loadbasic). This query takes about 12 seconds to run.
declare @startdate datetime
,@enddate datetime
set @startdate = '11/1/07'
set @enddate = '11/5/07'
select *
from t_loadbasic
where ld_nbr in (select ld_nbr from t_tripcombined where comp_date between @startdate and @enddate)
I'm trying to figure out why the database executes these two statements so differently. BTW, I've tried switching the order of the tables. I've tried using joins instead of a subquery. The execution plan seems completely dependent on the use of variables. I can attach the execution plans if necessary.
I apologize if this is too simple a question, but I couldn't find an answer on any forums, web searches or BOL. Thanks in advance.
Jun 21, 2006
Could Any body Please give me one example of each of three types of joins that is
Merge Join
Hash Join
Nested join
Jul 25, 2007
Hi,
We are using binary_checksum in some of instead of update trigger. The problem came into the knowledge when an update failed without raising any error. We came to know after research that checksum returns the same number for two different inputs and that's why the update failed.
We are using following type of inside the trigger.
UPDATE [dbo].[Hospital]
SET
[HospitalID]= I.[HospitalID],
[Name]= I.[Name],
[HospitalNumber]= I.[HospitalNumber],
[ServerName] = I.[ServerName],
[IsAuthorized]= I.[IsAuthorized],
[IsAlertEnabled]= I.[IsAlertEnabled],
[AlertStartDate]= I.[AlertStartDate],
[AlertEndDate]= I.[AlertEndDate],
[IsTraining]= I.[IsTraining],
[TestMessageInterval]= I.[TestMessageInterval],
[DelayAlertTime]= I.[DelayAlertTime],
[IsDelayMessageAlert]= I.[IsDelayMessageAlert],
[IsTestMessageAlert]= I.[IsTestMessageAlert],
[IsUnAuthorizedMessageAlert]= I.[IsUnAuthorizedMessageAlert],
[IsWANDownAlert]= I.[IsWANDownAlert],
[IsWANUpAlert]= I.[IsWANUpAlert],
[CreateUserID]= Hospital.[CreateUserID],
[CreateWorkstationID]= Hospital.[CreateWorkstationID],
[CreateDate]= Hospital.[CreateDate] ,
/* record created date is never updated */
[ChangeUserID]= suser_name(),
[ChangeWorkstationID]= host_name(),
[ChangeDate]= getdate() ,
/* Updating the record modified field to now */
[CTSServerID]= I.[CTSServerID]
FROM inserted i
WHERE
i.[HospitalID]= Hospital.[HospitalID]
AND binary_checksum(
Hospital.[HospitalID],
Hospital.[Name],
Hospital.[HospitalNumber],
Hospital.[ServerName],
Hospital.[IsAuthorized],
Hospital.[IsAlertEnabled],
Hospital.[AlertStartDate],
Hospital.[AlertEndDate],
Hospital.[IsTraining],
Hospital.[TestMessageInterval],
Hospital.[DelayAlertTime],
Hospital.[IsDelayMessageAlert],
Hospital.[IsTestMessageAlert],
Hospital.[IsUnAuthorizedMessageAlert],
Hospital.[IsWANDownAlert],
Hospital.[IsWANUpAlert]) !=
binary_checksum(
I.[HospitalID],
I.[Name],
I.[HospitalNumber],
I.[ServerName],
I.[IsAuthorized],
I.[IsAlertEnabled],
I.[AlertStartDate],
I.[AlertEndDate],
I.[IsTraining],
I.[TestMessageInterval],
I.[DelayAlertTime],
I.[IsDelayMessageAlert],
I.[IsTestMessageAlert],
I.[IsUnAuthorizedMessageAlert],
I.[IsWANDownAlert],
I.[IsWANUpAlert]) ;
Here is the checksum example which produces the same result for two different inputs.
DECLARE @V1 VARCHAR(10)
DECLARE @V2 VARCHAR(10)
SELECT @V1 = NULL, @V2=NULL
SELECT binary_checksum('KKK','San Jose','1418','1418SVR ',0,1,@V1,@V2,0,30,180,1,0,1,1,1),
binary_checksum('KKK','San Jose','1418','1418SVR ',1,1,@V1,@V2,0,30,180,1,1,1,1,1)
Look at the two binary_checksum calls above; they are different and should not match, but they both return the same value.
Can someone please provide some info on this?
Nov 11, 2006
Hi Guys,
I'm importing logs from multiple servers from CSV format into a table. Inside the loop the 1st thing I do is insert the FileName into a table to ensure that I never process the same file twice.
The problem is that multiple servers produce the same filename, so if server A produces Log20061110.csv - when I import the log from server B ( also called Log20061110.csv ) into the table, it of course runs into a problem.
If there was some way for me to get an MD5 hash of the file as a variable, that would solve my problem.
Does anyone know how I could accomplish that?
Thanks
Warrick
Mar 13, 2014
I would like to perform an audit of weak passwords, which is well documented for sql users. Using the same methodology, I should be able to audit weak passwords for contained users. To accomplish this, I must be able to find the location of the password hashes for the contained users.
I have looked at sys.syslogins and sys.sql_logins, which both have the password hash for server level users, but not contained users. I was able to find sys.sysusers, which does contain contained users, but no password hash.
What is the location of the password hashes for contained users?
Sep 15, 2014
When I have a record that I copy and paste (Access 2010 datasheet view) into a new record with one column having a unique constraint, I display message "Cannot insert duplicate code" then if not all values in the record are inserted, I get a #deleted in all columns. Refreshing, I find that the id is incremented by 2 instead of one.
That is, if the previous record has ID 20, the #deleted record has ID 22.
avoid the #deleted which happens if not all columns are filled.
Sep 22, 2014
How to find hash algorithm and salt value for sql logins in sql server 2005.