Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Password Validation
Message
De
11/05/2008 17:09:32
Olaf Doschke
Setmics
Hamburg, Allemagne
 
Information générale
Forum:
Visual FoxPro
Catégorie:
Gestionnaire d'écran & Écrans
Titre:
Re: Password Validation
Versions des environnements
Visual FoxPro:
VFP 9 SP2
OS:
Windows XP SP2
Network:
Windows XP
Database:
Visual FoxPro
Divers
Thread ID:
01316257
Message ID:
01316324
Vues:
16
>Fred,
>
>You problem may reside in this line;
>
>
>if rtrim(Users.Password) = rtrim(thisform.txtPassword.value)
>
yes, simply try
? "secretpassword"=""

If you had put it the other way around it would at least have been better.

>
>if Users.Password == PADR(ALLTRIM(thisform.txtPassword.value),LEN("Users.Password"))
>
True, or
Alltrim(Users.Password)==Alltrim(thisform.txtPassword.value)
Still there are much better ways for validation, eg you should not store cleartext passwords, but store a hash value (like MD5("thepassword") and compare the hashed entered password to the stored hash.

Even better, hash a combination of userid and password, otherwise people with a valid account simply could copy their own password hash to the user they want to impersonate, by having access to the users table. And the users have access to it, they just may not know where it is stored. That's pretty low security...

Bye, Olaf.
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform