user authentication by SQL lookup
- From: "Paulo Tetovisk" <pelasaco@xxxxxxxxx>
- Date: Thu, 10 Apr 2008 20:54:06 -0300
Hello,
I have a doubt, maybe related to "Best Practices" and "How to do a secure
SQL lookup to authenticate a user against a database".
It's a simple solution, everybody knows how to do it, but what's more secure?
Send the query or SP with the following statement:
"SELECT COUNT(*) FROM tb_users WHERE uid = 'foo' AND passwd =
'hashedpassword'" and then check if the answer is 0 or 1 ?
Or
Send a query like "SELECT passwd FROM tb_users WHERE uid = 'foo'" and then
you do the password validation on the web server that hosts your application?
The second solution has a pro: it "saves" SQL processing, but on the
other hand you send your password hash in through your password, I don't
think that is the most secure solution. Does the first option have any con?
Thanks in advance!
PT