How to hide user-passwords in SQL Server database

sql sql-server asp-classic
12,611

Solution 1

i prefer to store user password as with md5

save passwords after md5sum when user trying to login

user variables from form

var_username = jersey
var_password = 123456

// dont forget to escape for sql injection
// generate md5sum for password
var_md5password = md5(password)

SELECT * FROM users WHERE username = 'var_username' AND password = 'var_md5password'

for example

|- id -|- username -|- password -|
|-  1 -|- jersey   -|- 123456   -|
|-  2 -|- timber   -|- 1234567  -|

table with md5

|- id -|- username -|-             password             -|
|-  1 -|- jersey   -|- e10adc3949ba59abbe56e057f20f883e -|
|-  2 -|- timber   -|- fcea920f7412b5da7be0cf42b8c93759 -|

more secure way

 secret_key = topsecretkey
 password: 123456
 md5(password+secretkey)
 it will generate a better md5

Solution 2

I actually just found a free ASP script implementing the SHA-256 one-way encryption algorithm, which is one of the industry standard methods for generating digital signatures.

It also contains a form and ASP code that demonstrates the algorithm can be used. The SHA-256 algorithm is one of the industry standard methods for generating digital signatures. It is generically known as a digest, digital signature, one-way encryption, hash or checksum algorithm. A common use for SHA-256 is for password encryption as it is one-way in nature, that does not mean that your passwords are not free from a dictionary attack.

I dont know if this is more secure than MD5, but here it goes:

http://www.freevbcode.com/ShowCode.asp?ID=2565

Share:
12,611
MicBehrens
Author by

MicBehrens

HTML5 CSS3 JavaScript AngularJS jQuery jQueryUI ASP Classic PHP7 Python RegExp TSQL SQL Server MySQL

Updated on June 05, 2022

Comments

  • MicBehrens
    MicBehrens almost 2 years

    To improve the security for my users I wish to hide all user-passwords in my MSSQL database. The webapplication is in ASP Classic and the SQL-field is a varchar(max).

    I have heard about hashing the codes, but how does this work? Is it something to be done in the SQL string or making an ASP function?

    My current users tabel setup are:

    id    username    password
1     jersey      plaintextpassword
2     timber      plaintextpassword
....

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

get new SQL record ID
SQL divide two integers and get a decimal value error
Return value in stored procedure SQL Server
Password mismatch while logging to sql server
Microsoft OLE DB Provider for SQL Server error '80004005'
Converting image files to VARBINARY(max) in flutter
Creating Flutter Web Server that connects to an SQL server
How to connect Flutter app to SQL Server to send queries
TSQL Add two Numbers
Is SQL code faster than C# code?