password problems
-
hi im doing parameterized query whereby the user has to enter id and password. im using access database to store my data and using visual studio .net 2003 to build my app. if the id n password match, data is retrieved. i need help to ensure that password typed is of the exact case as stored in database. that means, if password in database is hELLo23 the user cannot access if he types hello23. how do i do that? second problem is how can i make it such that user types in password and the password appears like this ********? finally, how do i let password in database appear in encrypted text so that it is impossible to see the password in text format? i read about hash... do i use that? can i have more details? thanks! =)
-
hi im doing parameterized query whereby the user has to enter id and password. im using access database to store my data and using visual studio .net 2003 to build my app. if the id n password match, data is retrieved. i need help to ensure that password typed is of the exact case as stored in database. that means, if password in database is hELLo23 the user cannot access if he types hello23. how do i do that? second problem is how can i make it such that user types in password and the password appears like this ********? finally, how do i let password in database appear in encrypted text so that it is impossible to see the password in text format? i read about hash... do i use that? can i have more details? thanks! =)
nidhelp wrote: im doing parameterized query whereby the user has to enter id and password. im using access database to store my data and using visual studio .net 2003 to build my app. if the id n password match, data is retrieved. i need help to ensure that password typed is of the exact case as stored in database. that means, if password in database is hELLo23 the user cannot access if he types hello23. how do i do that? Use
StrCompFunction this function can be configired to make Binary Comparison For exampleSelect * From Customers Where StrComp('ContactName','anyNamE',0)=0The Third Parameter =0 which tell the function use binary Coparison (Case Sensitive) and we compare the return value From function with zero which mean the two string are equal To learn more about the function parameters and return value look at StrComp Function[^] nidhelp wrote: second problem is how can i make it such that user types in password and the password appears like this ********?**TextBox**have Propert Called**PasswordChar**Set it to The Character you want instead of plain text in your case set It to*MCAD -- modified at 9:16 Sunday 28th August, 2005 -
hi im doing parameterized query whereby the user has to enter id and password. im using access database to store my data and using visual studio .net 2003 to build my app. if the id n password match, data is retrieved. i need help to ensure that password typed is of the exact case as stored in database. that means, if password in database is hELLo23 the user cannot access if he types hello23. how do i do that? second problem is how can i make it such that user types in password and the password appears like this ********? finally, how do i let password in database appear in encrypted text so that it is impossible to see the password in text format? i read about hash... do i use that? can i have more details? thanks! =)
nidhelp wrote: finally, how do i let password in database appear in encrypted text so that it is impossible to see the password in text format? i read about hash... do i use that? can i have more details? you can store password in database in few ways
1-Plain textbut this unsecure2-Encrypt password and store encrypted text in databaseThis way better then Store Plain text but the problem with this is you have to store private or secret key which you will use it to encrypt and decrypt the password So if any one gain access to this key it will be easy to decrypt your password 3-One-Way Hash passwordthis the best way because you dont have to store any private key you hash the password and store it in the database when the user provide his passwod you hash it and compare it with the one stored in the database For example how to do it you can google it like One-Way Hashing[^] MCAD -- modified at 20:30 Monday 29th August, 2005 -
nidhelp wrote: im doing parameterized query whereby the user has to enter id and password. im using access database to store my data and using visual studio .net 2003 to build my app. if the id n password match, data is retrieved. i need help to ensure that password typed is of the exact case as stored in database. that means, if password in database is hELLo23 the user cannot access if he types hello23. how do i do that? Use
StrCompFunction this function can be configired to make Binary Comparison For exampleSelect * From Customers Where StrComp('ContactName','anyNamE',0)=0The Third Parameter =0 which tell the function use binary Coparison (Case Sensitive) and we compare the return value From function with zero which mean the two string are equal To learn more about the function parameters and return value look at StrComp Function[^] nidhelp wrote: second problem is how can i make it such that user types in password and the password appears like this ********?**TextBox**have Propert Called**PasswordChar**Set it to The Character you want instead of plain text in your case set It to*MCAD -- modified at 9:16 Sunday 28th August, 2005hi i got error when i tried StrComp Function --> Select * From Customers Where StrComp('ContactName','anyNamE',0)=0. it says something about YourPassword is not in Parameter collection. indeed it's not there. this line is what i wrote in OKbutton click event: oleDbDataAdapter2.SelectCommand.Parameters["YourPassword"].Value = textBox2.Text; well, i tried to remove that line, but what i typed in password textbox did not successfully sense correct password (eg. hELLo23) and retrieve data from Access and display. It's supposed to sense hELLo23 from hello23 or HELLO23 or any other inputs that are different from that (hELLO23) in my database. i also tried to do this --> Select * From Customers Where StrComp('ContactName','anyNamE',2)=2 as msdn says write '2' for Microsoft Access only. Performs a comparison based on information in your database. but it seems no difference as writing '0'. loading of data is fine if i do this --> oleDbDataAdapter2.SelectCommand.Parameters["ID_Number_"].Value = textBox1.Text; oleDbDataAdapter2.SelectCommand.Parameters["YourPassword"].Value = textBox2.Text; dataSet41.Clear(); oleDbDataAdapter2.Fill(dataSet41); if(this.BindingContext[dataSet41, "Table1"].Count == 0) { MessageBox.Show("Error Occured"); textBox1.Focus(); } the only problem is that it's not case-sensitive in password textbox and it shows data even though password case is not the same as db. i just want to ensure that for password any wrong case will not let user have access to get the data. thanks a lot!
-
hi i got error when i tried StrComp Function --> Select * From Customers Where StrComp('ContactName','anyNamE',0)=0. it says something about YourPassword is not in Parameter collection. indeed it's not there. this line is what i wrote in OKbutton click event: oleDbDataAdapter2.SelectCommand.Parameters["YourPassword"].Value = textBox2.Text; well, i tried to remove that line, but what i typed in password textbox did not successfully sense correct password (eg. hELLo23) and retrieve data from Access and display. It's supposed to sense hELLo23 from hello23 or HELLO23 or any other inputs that are different from that (hELLO23) in my database. i also tried to do this --> Select * From Customers Where StrComp('ContactName','anyNamE',2)=2 as msdn says write '2' for Microsoft Access only. Performs a comparison based on information in your database. but it seems no difference as writing '0'. loading of data is fine if i do this --> oleDbDataAdapter2.SelectCommand.Parameters["ID_Number_"].Value = textBox1.Text; oleDbDataAdapter2.SelectCommand.Parameters["YourPassword"].Value = textBox2.Text; dataSet41.Clear(); oleDbDataAdapter2.Fill(dataSet41); if(this.BindingContext[dataSet41, "Table1"].Count == 0) { MessageBox.Show("Error Occured"); textBox1.Focus(); } the only problem is that it's not case-sensitive in password textbox and it shows data even though password case is not the same as db. i just want to ensure that for password any wrong case will not let user have access to get the data. thanks a lot!
another problem is i have these 3 columns AdministratorPwd, YourPassword and userID as part of my Access db table. typing in the 2 textboxes (AdministratorPwd and CustomerID) OR (YourPassword and CustomerID) is supposed to query the db for the same piece of data, that is, i should be able to get data belonging to this particular Customer whether i type (AdministratorPwd and CustomerID) OR (YourPassword and CustomerID). For eg, i want to view info regarding customerA so i type AdministratorPwd and CustomerID --> admin and CustomerA or i can also type YourPassword and CustomerID --> workerA and CustomerA. however, when i use querybuilder to write ........ WHERE AdministratorPwd=? OR YourPassword=? AND CustomerID=? I get errors--> Password is not in parameter collection and also i'll be getting CustomerB or some other customer's info from db.
-
nidhelp wrote: finally, how do i let password in database appear in encrypted text so that it is impossible to see the password in text format? i read about hash... do i use that? can i have more details? you can store password in database in few ways
1-Plain textbut this unsecure2-Encrypt password and store encrypted text in databaseThis way better then Store Plain text but the problem with this is you have to store private or secret key which you will use it to encrypt and decrypt the password So if any one gain access to this key it will be easy to decrypt your password 3-One-Way Hash passwordthis the best way because you dont have to store any private key you hash the password and store it in the database when the user provide his passwod you hash it and compare it with the one stored in the database For example how to do it you can google it like One-Way Hashing[^] MCAD -- modified at 20:30 Monday 29th August, 2005Probably an MD5 or SHA1 or 2 with salt is the best. Matt Gerrans