Re: Index for username/password

From: "David Portas" <REMOVE_BEFORE_REPLYING_dportas@xxxxxxx>
Date: 28 Dec 2005 07:12:40 -0800

Cecil wrote:

> >>I don't see the purpose of the ID column? Why not make the name the primary
> >>key?
>
> I was thinking of doing that, but I intend for the Logon table to be
> like an ID card. Only for efficient identification. I wanted to reuse
> this table design in multiple projects that would require
> authentication.
>

Name would still be unique though wouldn't it? So it should still have
a unique constraint on name.

Storing passwords in the database is an inherent security flaw. Don't
store them, encrypted or otherwise. If you must, store a secure hash of
the password. If you are using SQL Server 2005 then use the built in
encryption / authentication. Where possible, use integrated security
rather than invent your own.

--
David Portas
SQL Server MVP
--

.

Follow-Ups:
- Re: Index for username/password
  - From: David Portas

References:
- Index for username/password
  - From: Cecil
- Re: Index for username/password
  - From: Erland Sommarskog
- Re: Index for username/password
  - From: Cecil

Prev by Date: Re: Index for username/password
Next by Date: Re: Index for username/password
Previous by thread: Re: Index for username/password
Next by thread: Re: Index for username/password
Index(es):
- Date
- Thread

Relevant Pages

Re: encrypt password
... >> and password of each application user in SQL server. ... >> the password and store in a character field. ... What encryption algorithm is good for password field? ...
(microsoft.public.vb.general.discussion)
Re: encrypt password
... > and password of each application user in SQL server. ... > the password and store in a character field. ... What encryption algorithm is good for password field? ...
(microsoft.public.vb.general.discussion)
Re: SQL or Access DB
... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
(microsoft.public.dotnet.languages.vb)
Re: Newbie help
... think I can probably get what I need using SQL Server (the ... > To efficiently store and retrieve data for your needs, ... You only store changed values (as ...
(microsoft.public.sqlserver.programming)
Re: meta data & full text search
... There are more issues (transaction control, change control, audit of ... storing the files in a SQL Server table's column defined with an IMAGE ... if you store the files ... consistency of the database, indices, backup, restore, etc. ...
(microsoft.public.sqlserver.fulltext)