I am working on a login system in flex and asp. I am encrypting the password before it is inserted it into the SQL database. But then when i do SELECT statement with username and encrypted password it returns 0 users found.
I outputted the sql statement and they passwords look excatly the same. But the SQL Select count(*) returns a 0.
link to the encrypting is used:
http://www.4guysfromrolla.com/webtech/110599-1.2.shtml
other information:
script language: asp + flex
database: sql server 2005
So i am thinking that their are hidden chars in the password. Is their a way to check this or even convert/exclude them ?
Any links or tips would be very helpfull
Use the sample to solve your issue...
Alter Function dbo.En_De_Crypt(@.Input varchar(max), @.Key int ) Returns Varchar(Max) as
Begin
Declare @.Len as Int;
Declare @.I as Int;
Declare @.Output as Varchar(max)
Select @.Len = Len(@.Input), @.I =1, @.Output=''
Declare @.Number Table (N int);
While(@.I<=@.Len)
Begin
Insert into @.Number Values(@.I);
Set @.I = @.I + 1;
End
Select @.Output = @.Output + Char(Ascii(Substring(@.Input,N,1)) ^ @.Key)
From @.Number
return @.Output
End
Go
Create Table #Passwords(
Password varchar(20)
);
Insert Into #Passwords Values(dbo.En_De_Crypt('One1234$$',100));
Insert Into #Passwords Values(dbo.En_De_Crypt('M1cr0$0ft',100));
Insert Into #Passwords Values(dbo.En_De_Crypt('Or@.c1e',100));
Insert Into #Passwords Values(dbo.En_De_Crypt('@.pp1e',100));
Select dbo.En_De_Crypt(Password,100) ,Password From #Passwords
/*
Orginal value Decrypted Value
One1234$$ + _VWP@.@.
M1cr0$0ft )Up'16T@.T '10
Or@.c1e +_$p_par
@.pp1e $__U_par */
--None of the query will return the data here..
Select Count(*) From #Passwords Where Password = '+
_VWP@.@.'
Select Count(*) From #Passwords Where Password = ')Up'16T@.T '10'
Select Count(*) From #Passwords Where Password = '?_p$'
Select Count(*) From #Passwords Where Password = '$__U_par'
--Use the following query to get the result..
Select Count(*) From #Passwords Where dbo.En_De_Crypt(Password,100)='M1cr0$0ft'
|||thnx Manivannan for the reply.i will try it out.
No comments:
Post a Comment