>>>>m5 hash with api - see here
http://www.atoutfox.org/articles.asp?ACTION=FCONSULTER&ID=0000000627>>>
>
>Again, thank you for suggesting HASH approach. I finally read a couple of on-line articles and understood - conceptually - how it works. A couple of conclusions I made is 1. I cannot use it user passwords. My users often forget their password and I have to "look it up" for them. Hash string is one-way only so I could not look it up for customers. If I have to use Hash approach for user passwords I would have to provide users with a way to reset it. Or I would have to create a new one for them every time. But something to consider. 2. For storing SQL Server password in XML file Hash will work nicely. I just have to have (in my head <g>) confidence that it works. Since if I Hash a password into an XML file and user cannot log into SQL Server I would have to
confidently look into SQL Server for the solution and not trying to reset password every time.
I realized last night (after I posted the above message) that can't really use the Hash approach for SQL Server authentication password. Hash approach works when Hash number can be compared with a user entry. But as far as getting password from XML for SQL authentication and including it into the connection string, there is nothing to compare it to, so I will have to encrypt the password.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham