I assume you use "Like". "Like" ignores case.
Now- otos - does your request make sense? I mean
::I would like to have a login page that is case sensitive. Right now the userName field in
::DB store Example: "John",
If "John" and "john" are different users, you open Pandora's box for people mixing this up.
Our security systems are case insensitive and store - besides the "DisplayName" - also a "UniqueName" (name in lower case), which triggers a unique constraint.
Having two users that differentiate their name only by casing sounds to me like a terrifically bad idea. I can imagine the support calls coming in.|||The reason for case sensitivity is because later on in my application I am using the user name and it has to be in a certain form.
My SELECT statement is:
"SELECT * FROM [FrenchRoast].[shikozel_db].[Chef] WHERE (([Chef].[Name] = @Name) AND ([Chef].[Password] = @password))"
I don't use LIKE.
Thank you. Help...|||::The reason for case sensitivity is because later on in my application I am using the user
::name and it has to be in a certain form.
With all respect, this is no reason to make logins case sensitive. All my arguments are true - you will get into trouble with people spelling their name wrong when logging in.
Btw - if this:
::AND ([Chef].[Password] = @password))"
indicates that you store the password in clear text in the database, then PLEASE get an introduction book on security. Storing the passwords in the database opens you up for a lot of not-funny things, including a tremendous amount of legal liability in case something does go wrong - without any legal defence, as it is gross neglect. Passwords should never ever be stored in the database.|||Thank you for your comment. Where should I store passwords? Any tutorial or books?|||::Where should I store passwords?
You should never ever store passwords. Look at how modern operating systems do it - they also never store passwords.|||Thona is correct, case sensitive passwords are a bad design and clear text pw's are equally as bad from a security standpoint, so I recommend you read up on MD5.