Re: SQL field "binary"
From: Steve Kass (skass_at_drew.edu)
Date: 01/20/05
- Next message: Alejandro Mesa: "RE: Getting string result"
- Previous message: Alejandro Mesa: "RE: the char '"
- In reply to: Test: "SQL field "binary""
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 20 Jan 2005 10:37:20 -0500
You've given very little in terms of specific information, so it's
impossible
to give a precise answer. My guess is that the vendor is storing a hashed
password. Typically, the hash functions SHA1 or MD5 are used, and the
length of the column values may also be a clue, since SHA1 and MD5
hashes are fixed lengths.
What does the vendor's code do to validate passwords?
Here is one article that will give you some information:
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/default.aspx
You can also search the web and Microsoft support for hash+password+"SQL
Server"
Steve Kass
Drew University
Test wrote:
>Vendor software set password field as binary in sql server 2000
>
>I would like to write some pages to check the user name and password
>
>how can i check and match the field?
>
>
>
>
- Next message: Alejandro Mesa: "RE: Getting string result"
- Previous message: Alejandro Mesa: "RE: the char '"
- In reply to: Test: "SQL field "binary""
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
