Web Wiz Forums - Sticking with V6...

Print Page | Close Window

Sticking with V6...

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=943
Printed Date: 30 March 2026 at 3:54am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Sticking with V6...

Posted By: Sweet
Subject: Sticking with V6...
Date Posted: 12 March 2003 at 4:36am

This is mainly for borg but anyone else can help then great.

I've spent a lot of time customizing v6 before v7 was released and although v7 looks great I think i'll stick to v6 because it works fine for me and it would take me too long to customize the forum again.

I was wandering while you were updating the forum to v7 what obvious code changes could I make to the latest v6 to:

+ improve the speed
+ increase security
�
Also how easy is it to implement the 160bit Encryption of passwords?

Thanks.

Replies:

Posted By: dolby71
Date Posted: 12 March 2003 at 8:52am

Sweet wrote:

Also how easy is it to implement the 160bit Encryption of passwords?

I asked myself the same question....

Posted By: michael
Date Posted: 12 March 2003 at 10:15am

It is easy when you use sql server. password encryption is built in with sql server. so if someone signs up you create the account with a query like the following:
strSQL = "INSERT INTO tblAuthor (Username, [Password]) Values ('"
strSQL = strSQL & Username & "', pwdencrypt('" & strPassword & "')"

I left other fields out. But this function created the password. But one thing you should change is change the field type of the password to binary.

Now when someone logs in you need to compare the clear text password that is submitted by the form with the encrypted value. You could do something like the following:
strSQL = "Declare @LoginUser varchar(30) "
strSQL = strSQL & "Declare @EncryptedPIN varbinary(255) "
strSQL = strSQL & "Select @LoginUser = (Select Username from tblAuthor where Username = '" & strUsername & "') "
strSQL = strSQL & "Select @EncryptedPIN = (Select [Password] from tblAuthor where Username = @LoginUser) "
strSQL = strSQL & "Select @LoginUser AS Username, pwdCompare('" & strPassword & "', @EncryptedPin, 0) AS Success "
strSQL = strSQL & "FROM tblAuthor where Username = @LoginUser"

Now you just read out the value Success if it is 0 then the login failed if it is 1 it was successful. It works very well for me and you would just have to encrypt existing passwords manually using some code. Hope that helps.

Posted By: Sweet
Date Posted: 12 March 2003 at 8:05pm

Thanks michael but I'm using the access version.
How would that work?
Any ideas for the speed/security improvements?

Posted By: michael
Date Posted: 12 March 2003 at 9:19pm

well access is the opposite of secure. sure there will always be ways to improve but it's just the nature of access to be unsecure and slow.