Solved

Enforcing password strength in a SQL server 2005 user table

Posted on 2008-10-01
3
245 Views
Last Modified: 2012-05-05
I have a table with usernames and passwords for a CMS, but would like to enforce password strength restrictions at the database level so that bad passwords can not be inserted or updated.

We consider a bad password to be one that:
- is less than 6 characters
- does not include a number
- does not include an upper and lower case character

How can we go about this?
0
Comment
Question by:BuddhaNature
3 Comments
 
LVL 39

Accepted Solution

by:
BrandonGalderisi earned 500 total points
ID: 22616688
The problem is that this should be handled by the application accepting the password because you should never store passwords in cleartext in the database.  It should always be stored as a salted hash.


There are discussions about this topic all over including:
http://www.eggheadcafe.com/software/aspnet/32283437/hashing-passwords.aspx
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

So every once in a while at work I am asked to export data from one table and insert it into another on a different server.  I hate doing this.  There's so many different tables and data types.  Some column data needs quoted and some doesn't.  What …
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now