Solved

Enforcing password strength in a SQL server 2005 user table

Posted on 2008-10-01
3
255 Views
Last Modified: 2012-05-05
I have a table with usernames and passwords for a CMS, but would like to enforce password strength restrictions at the database level so that bad passwords can not be inserted or updated.

We consider a bad password to be one that:
- is less than 6 characters
- does not include a number
- does not include an upper and lower case character

How can we go about this?
0
Comment
Question by:BuddhaNature
3 Comments
 
LVL 39

Accepted Solution

by:
BrandonGalderisi earned 500 total points
ID: 22616688
The problem is that this should be handled by the application accepting the password because you should never store passwords in cleartext in the database.  It should always be stored as a salted hash.


There are discussions about this topic all over including:
http://www.eggheadcafe.com/software/aspnet/32283437/hashing-passwords.aspx
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Mark Wills Attending one of Rob Farley's seminars the other day, I heard the phrase "The Accidental DBA" and fell in love with it. It got me thinking about the plight of the newcomer to SQL Server...  So if you are the accidental DBA, or, simp…
In SQL Server, when rows are selected from a table, does it retrieve data in the order in which it is inserted?  Many believe this is the case. Let us try to examine for ourselves with an example. To get started, use the following script, wh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question