
elsietina
Starting Member

12 Posts

Posted - 2002-03-25 : 11:12:36
Is this possible? If yes, how can I implement this?

At the time of the initial login (via web), the user should be forced to change the password to a unique and proper password known only to the user. The new password should be stored in the database in encrypted form so that even a database administrator will be unable to read it. (The administrator could reset the password, after which time the user would know a change occurred if the request to change was not authorized.)

robvolk
Most Valuable Yak

15732 Posts

Posted - 2002-03-25 : 12:34:11
You can store the password in SQL Server, and even encrypt it, but your web application would need to enforce password changes. You could enforce this with Windows Authentication, but that's not a really viable option in an Internet environment.

SQL Server has some internal encryption features, but they are not officially documented and should not be used as they might change. There is also no "decrypt" facility for these features. You can use another method for encrypting passwords:

http://www.sqlteam.com/SearchResults.asp?SearchTerms=encrypt

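The requirements discussed above (a stored password the administrator cannot read, an administrator reset, and a forced change enforced by the web application) are sketched below as an added example that is not part of the original thread. It swaps reversible encryption for a one-way salted PBKDF2 hash; the in-memory sqlite3 table stands in for the SQL Server table, and the table, column and function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows
DUMMY_SALT = b"\x00" * 16  # used only to equalise timing for unknown users

def _derive(password, salt):
    # One-way: nothing stored in the table can be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_store():
    # Hypothetical schema; sqlite3 in memory stands in for the real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, "
               "pw_hash BLOB, must_change INTEGER)")
    return db

def set_password(db, name, password, must_change):
    salt = os.urandom(16)  # fresh random salt per user and per change
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?, ?)",
               (name, salt, _derive(password, salt), int(must_change)))

def admin_reset(db, name, temp_password):
    # The administrator can overwrite the hash but never read the old password.
    # The flag forces a change at the next login, so the user notices the reset.
    set_password(db, name, temp_password, must_change=True)

def login(db, name, password):
    row = db.execute("SELECT salt, pw_hash, must_change FROM users "
                     "WHERE name = ?", (name,)).fetchone()
    if row is None:
        _derive(password, DUMMY_SALT)  # same cost as a real check
        return "denied"
    salt, stored, must_change = row
    if not hmac.compare_digest(stored, _derive(password, salt)):
        return "denied"
    # The web application must refuse everything except the change form here.
    return "change_required" if must_change else "ok"

def change_password(db, name, old_password, new_password):
    # Only someone who knows the current password may set a new, different one.
    if login(db, name, old_password) == "denied" or new_password == old_password:
        return False
    set_password(db, name, new_password, must_change=False)
    return True
```
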

bouno
Starting Member

23 Posts

Posted - 2002-03-25 : 21:37:31
quote:

Is this possible? If yes, how can I implement this?

At the time of the initial login (via web), the user should be forced to change the password to a unique and proper password known only to the user. The new password should be stored in the database in encrypted form so that even a database administrator will be unable to read it. (The administrator could reset the password, after which time the user would know a change occurred if the request to change was not authorized.)
