How to check the Password in C# and SQL?

[Jason Huang]

Hi,

The Password column in SQL server 2000 is a datatype of "image", then how do
I check the password in the C# responding to the "image" datatype?
Thanks for help.

Jason

 

[Hans Kesting]

Hi,

The Password column in SQL server 2000 is a datatype of "image", then
how do I check the password in the C# responding to the "image"
datatype? Thanks for help.

Jason

What happens if you do a "convert(varchar, ..)" on that password column?
(How do you get the values INTO that column in the first place?)

Hans Kesting

 

[William Stacey [MVP]]

Why not just encrypt the password then convert to base64 and save in a
string type column. Or varbinary if you have SQL2005.

 

[Scott]

I would find it hard to believe the password column in your SQL server 2000
can be decrypted into something that the .Net framework would understand,
but I haven't tried it.

I've used md5 on the password. This makes the trip one way, as you can not
determine the original password from the md5 checksum. This is slightly
more secure than encrypting the password, then decrypting the password for
comparison (it's more like encrypting both the original, and the comparison
passwords to see if they generate the same checksum). I md5 the password
when I save it originally, then md5 any password from a logon attempt. If
they derive the same number, then statistically speaking the md5 checksum
was derived from the same password for both. Of course, I would enforce a
password length of some sort.

Scott
NetConquer