Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Password Validation
Message
From
11/05/2008 17:09:32
Olaf Doschke
Setmics
Hamburg, Germany
 
General information
Forum:
Visual FoxPro
Category:
Forms & Form designer
Title:
Re: Password Validation
Environment versions
Visual FoxPro:
VFP 9 SP2
OS:
Windows XP SP2
Network:
Windows XP
Database:
Visual FoxPro
Miscellaneous
Thread ID:
01316257
Message ID:
01316324
Views:
14
>Fred,
>
>You problem may reside in this line;
>
>
>if rtrim(Users.Password) = rtrim(thisform.txtPassword.value)
>
yes, simply try
? "secretpassword"=""

If you had put it the other way around it would at least have been better.

>
>if Users.Password == PADR(ALLTRIM(thisform.txtPassword.value),LEN("Users.Password"))
>
True, or
Alltrim(Users.Password)==Alltrim(thisform.txtPassword.value)
Still there are much better ways for validation, eg you should not store cleartext passwords, but store a hash value (like MD5("thepassword") and compare the hashed entered password to the stored hash.

Even better, hash a combination of userid and password, otherwise people with a valid account simply could copy their own password hash to the user they want to impersonate, by having access to the users table. And the users have access to it, they just may not know where it is stored. That's pretty low security...

Bye, Olaf.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform