storing passwords !

Microsoft SQL server version 7.0 --------------------------------- I have to find out a way..where in the login id and passwords can be stored in more secured way.. I browsed the netb and found out the following information..does this apply to sql server 7.0 ? " Passwords are stored in the sysxlogins table in encrypted form.SQL Server uses an undocumented function, pwdencrypt() to produce a hash of the user's password, which is stored in the sysxlogins table of the master database. When a user attempts to authenticate to SQL Server several things happen to do this. Firstly SQL Server examines the password entry for this user in the database and extracts the "salt" - 84449305 - in the example. This is then appended to the password the user supplies when attempting to log in and a SHA hash is produced. This hash is compared with the hash in the database and if they match the user is authenticated - and of course if the compare fails then the login attempt fails. The user's password is converted to it's UNICODE version if not already in this form.The salt is then appended to the end. This is then passed to the crypt functions in advapi32.dll to produce a hash using the secure hashing algorithm or SHA. The password is then converted to its upper case form, the salt tacked onto the end and another SHA hash is produced." This methodos storing is adopted by SQL server.. in this method...hacking the passwords sounds so easy! so.. Can someone suggest a better way for storing the passwords and the login information.. storing it in teh registry is also not safe .,I guess! thank u.. ranjani

The following is the way i want to implement this. that is..to check iff permissiosn()&2=0x2....permissions()&32=0x20 and so on... CREATE PROCEDURE balli @ioparm int output, @oparm int output AS BEGIN SET NOCOUNT ON IF PERMISSIONS() &@ioparm=0x@oparm SELECT 1 ELSE SELECT 0 END The above sql proc gives syntax error..how do i change it?? ranjani

The following is the way i want to implement this. that is..to check iff permissiosn()&2=0x2....permissions()&32=0x20 and so on... CREATE PROCEDURE balli @ioparm int output, @oparm int output AS BEGIN SET NOCOUNT ON IF PERMISSIONS() &@ioparm=0x*@oparm SELECT 1 ELSE SELECT 0 END The above sql proc gives syntax error..how do i change it?? ranjani

does the command... EXEC sp_helprotect NULL, 'dbo' display the user dbo's permission list?? or..how should i change the above syntax so that the user permissions are displayed?? is there any other stored procedure that doesthis job? ranjani

iam able to create the stored procedure.. but how do i go about... rading the return value.. that is my code is now like.. _bstr_t bstrPr = "DROP PROCEDURE bali" ; pRecordset = m_pConnection->Execute(bstrPr, vRecordsAffected, 1); _bstr_t bstrp = "CREATE PROCEDURE bali @ioparm int OUTPUT AS \nIF PERMISSIONS()&2=0x2 RETURN 1 ELSE RETURN 0"; pRecordset = m_pConnection->Execute(bstrp, vRecordsAffected, 1); _bstr_t exect = "EXECUTE bali 2"; pRecordset = m_pConnection->Execute(exect,vRecordsAffected, 1); _variant_t vtMyVal; vtMyVal = pRecordset->GetFields()->Item[long(0)]->Value; printf("\n%d\n",(char *)(_bstr_t)vtMyVal); Iam not able tor ead the return value from this but.. what mite be the reason for this? what else shud i add to get it done?? also.. initially.. how do i cehk if a procedure name with the name specified already exists?? ranjani

AND AFTER DOING THAT.. GET THE RETURN VALUE..AS SAID ABOVE FOR PERMISSIOSN STT IS IT?? ranjani

how do i create a stored procedure in C++? my program should for any of the sql servers.. so..manually creating a stored procedure won't work.. so.. i have to create it programatically...how do i go abt doing it? ranjani

how do i create a stored procedure in C++? my program should for any of the sql servers.. so..manually creating a stored procedure won't work.. so.. i have to create it programatically...how do i go abt doing it? ranjani

yes i got the answer by ur answer... now..can u help me out with sql databse stuffs?? coz'' the return value..that is the integer value i get indicates some permissions assigned to teh user.. how do i check it? ranjani

The full code is enclosed herewith!! When I include the aboce said and run it..the control goes to the catch function..as there's some problem in the above mentioned stt! void main(void) { ADODB::_ConnectionPtr m_pConnection = NULL; ADODB::_CommandPtr Cmd1; ADODB::_RecordsetPtr pRecordset = NULL; VARIANT *vRecordsAffected = NULL; char ConStr[500]; char str1[50]; _bstr_t bstrProc =( L"sp_StartByteImport" ); BOOL m_bIsConnectionOpen; // Create an instance of _Connection HRESULT hr ; hr = m_pConnection.CreateInstance(__uuidof(ADODB::Connection)); cout << "Connection object created." ; _variant_t vRecsAffected(0L); try { if (SUCCEEDED(hr)) { //Open a connection where database is access database : "c:\\emailparsing\\email_details.mdb" ConStr[0] = '\0'; strcat(ConStr, "Provider=sqloledb;Server=ie10DT2KCO1473;Initial Catalog=Shree;"); strcat(ConStr,"User Id=sa;Password= ;"); /* Provider=Microsoft.Jet.OLEDB.3.51; Data Source="**/ // strcat(ConStr, "C:\\MSSQL7\\Data\\Shree_Data" ); m_pConnection->Open(ConStr, "", "", 0); //If database opened successfully then set IsConnectionOpen to TRUE if (SUCCEEDED(hr)) { m_bIsConnectionOpen = TRUE; } } sprintf(str1,"USE Shree SELECT PERMISSIONS ( OBJECT_ID('TABLE1') )"); pRecordset = m_pConnection->Execute(str1, vRecordsAffected, 1); _variant_t vtMyVal; vtMyVal = pRecordset->Fields->Item[long(0)]->Value; printf("\n%s\n\n",vtMyVal); ConStr[0] = '\0'; strcat(ConStr, "SELECT * FROM "); strcat(ConStr,"TABLE1"); pRecordset = m_pConnection->Execute(ConStr, vRecordsAffected, 1); if (!pRecordset->GetEOFile()) { int i = 0; while (!pRecordset->GetEOFile()) { printf("row %d is '%s %s'\n",i, (char*) ((_bstr_t) pRecordset->GetFields()->GetItem("id")->GetValue()), (char*) ((_bstr_t) pRecordset->GetFields()->GetItem("product_name")->GetValue())); i++; pRecordset->MoveNext(); } } pRecordset->Close(); } catch (_com_error &e) { printf("Description = '%s'\n", (char*) e.Description()); printf("%s\n%s\n%s\n",(char *) e.ErrorMessage(), (char *)e.Source(), (char *)e.Description()); } ::CoUninitialize(); } ranjani

The full code is enclosed herewith!! When I include the aboce said and run it..the control goes to the catch function..as there's some problem in the above mentioned stt! void main(void) { ADODB::_ConnectionPtr m_pConnection = NULL; ADODB::_CommandPtr Cmd1; ADODB::_RecordsetPtr pRecordset = NULL; VARIANT *vRecordsAffected = NULL; char ConStr[500]; char str1[50]; _bstr_t bstrProc =( L"sp_StartByteImport" ); BOOL m_bIsConnectionOpen; // Create an instance of _Connection HRESULT hr ; hr = m_pConnection.CreateInstance(__uuidof(ADODB::Connection)); cout << "Connection object created." ; _variant_t vRecsAffected(0L); try { if (SUCCEEDED(hr)) { //Open a connection where database is access database : "c:\\emailparsing\\email_details.mdb" ConStr[0] = '\0'; strcat(ConStr, "Provider=sqloledb;Server=ie10DT2KCO1473;Initial Catalog=Shree;"); strcat(ConStr,"User Id=sa;Password= ;"); /* Provider=Microsoft.Jet.OLEDB.3.51; Data Source="**/ // strcat(ConStr, "C:\\MSSQL7\\Data\\Shree_Data" ); m_pConnection->Open(ConStr, "", "", 0); //If database opened successfully then set IsConnectionOpen to TRUE if (SUCCEEDED(hr)) { m_bIsConnectionOpen = TRUE; } } sprintf(str1,"USE Shree SELECT PERMISSIONS ( OBJECT_ID('TABLE1') )"); pRecordset = m_pConnection->Execute(str1, vRecordsAffected, 1); _variant_t vtMyVal; vtMyVal = pRecordset->Fields->Item[long(0)]->Value; printf("\n%s\n\n",vtMyVal); ConStr[0] = '\0'; strcat(ConStr, "SELECT * FROM "); strcat(ConStr,"TABLE1"); pRecordset = m_pConnection->Execute(ConStr, vRecordsAffected, 1); if (!pRecordset->GetEOFile()) { int i = 0; while (!pRecordset->GetEOFile()) { printf("row %d is '%s %s'\n",i, (char*) ((_bstr_t) pRecordset->GetFields()->GetItem("id")->GetValue()), (char*) ((_bstr_t) pRecordset->GetFields()->GetItem("product_name")->GetValue())); i++; pRecordset->MoveNext(); } } pRecordset->Close(); } catch (_com_error &e) { printf("Description = '%s'\n", (char*) e.Description()); printf("%s\n%s\n%s\n",(char *) e.ErrorMessage(), (char *)e.Source(), (char *)e.Description()); } ::CoUninitialize(); } ranjani

AND which value with what. my question is... how do i get the integer value from it... when i run the folllowing in query analyzer i get the proper result..i have to do the same in..c++ ,,how do i do it? USE pubs IF PERMISSIONS()&2=0x2 PRINT 'The current user can create a table.' ELSE PRINT 'The current user cannot create a table.' thanxxxx ranjani

do u eman to say..use pRecordset->Fields()-> .. and what is integer basd index as u have mentioned??? plz reply as soon as poss thank u in advance ranjani

I have to get the user's acces permission for a specified database! For that I use the command...PERMISSIONS() I use ADO for establishing a connection to the database..my code is something like this now.. void main(void) { ADODB::_ConnectionPtr m_pConnection = NULL; ADODB::_RecordsetPtr pRecordset = NULL; VARIANT *vRecordsAffected = NULL; char ConStr[500]; char str1[50]; BOOL m_bIsConnectionOpen; // Create an instance of _Connection HRESULT hr ; hr = m_pConnection.CreateInstance(__uuidof(ADODB::Connection)); try { if (SUCCEEDED(hr)) { //Open a connectionConStr[0] = '\0'; strcat(ConStr, "Provider=sqloledb;Server=ie10DT2KCO1473;Initial Catalog=Shree;"); strcat(ConStr,"User Id=sa;Password= ;"); m_pConnection->Open(ConStr, "", "", 0); //If database opened successfully then set IsConnectionOpen to TRUE if (SUCCEEDED(hr)) m_bIsConnectionOpen = TRUE; } /* sprintf(str1,"PERMISSIONS ( OBJECT_ID('TABLE1') )"); pRecordset = m_pConnection->Execute(str1, vRecordsAffected, 1); } .. and then the catch function ! Now.. How do i display the return value of the PERMISSIONS function?? kindly help me in this regard!! ranjani

In my c++ code ..i use ADO commands..and to get the permissions..for userss for each and every databse.. i use the following commands.. sprintf(str1,"SELECT PERMISSIONS(OBJECT_ID('TABLE1'))"); pRecordset = m_pConnection->Execute(str1, vRecordsAffected, 1); the abopve function returns an integer value.. how do i read the value?? ranjani

ListUserPermissions in the above mentioned sqldmo function..What value shud passed as the arguments for listing the user access permissions of a sql database??? ranjani

_SQLObjectListPtr what sql namespace should be useed to access this ptr ?? i want to use the ListUserPermissions method ..for htis i need the above mentioned ptr.. ranjani

_SQLObjectListPtr what sql namespace should be useed to access this ptr ?? i want to use the ListUserPermissions method ..for htis i need the above mentioned ptr.. ranjani

in my c++ program to find the user permissions for each user in a sql database...i use ListUserPermissions method after importing sqldmo.rll on execution i get an error saying... undeclared identifier..ListUserPermissions !! shud i use any headre file other thann sqldmo.rll ? ranjani

can i use the function ListDatabasePermissions for getting the acccess permissiosn for a particular database? ranjani