Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Enforcing password strength in a SQL server 2005 user table

Posted on 2008-10-01
3
Medium Priority
?
261 Views
Last Modified: 2012-05-05
I have a table with usernames and passwords for a CMS, but would like to enforce password strength restrictions at the database level so that bad passwords can not be inserted or updated.

We consider a bad password to be one that:
- is less than 6 characters
- does not include a number
- does not include an upper and lower case character

How can we go about this?
0
Comment
Question by:BuddhaNature
1 Comment
 
LVL 39

Accepted Solution

by:
BrandonGalderisi earned 2000 total points
ID: 22616688
The problem is that this should be handled by the application accepting the password because you should never store passwords in cleartext in the database.  It should always be stored as a salted hash.


There are discussions about this topic all over including:
http://www.eggheadcafe.com/software/aspnet/32283437/hashing-passwords.aspx
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are some very powerful Dynamic Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a di…
Introduction This article will provide a solution for an error that might occur installing a new SQL 2005 64-bit cluster. This article will assume that you are fully prepared to complete the installation and describes the error as it occurred durin…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question