Web applications that use Forms authentication often store user credentials (user names and passwords) together with associated role or group lists in Microsoft® SQL Server™ 2000.
This How To describes how to securely look up user names and validate passwords against SQL Server 2000. There are two key concepts for storing user credentials securely:
Storing password digests. For security reasons, passwords should not be stored in clear text in the database. This How To describes how to create and store a one-way hash of a user’s password rather than the password itself. This approach is preferred to storing an encrypted version of the user’s password in order to avoid the key management issues associated with encryption techniques.
For added security and to mitigate the threat associated with dictionary attacks, the approach described in this How To combines a salt (a cryptographically generated random number) with the password, prior to creating the password hash.
Important: The one drawback of not storing passwords in the database is that if a user forgets a password, it cannot be recovered. As a result, your application should use password hints and store them alongside the password digest within the database.
Validating user input. Where user input is passed to SQL commands, for example as string literals in comparison or pattern matching statements, great care should be taken to validate the input, to ensure that the resulting commands do not contain syntax errors and also to ensure that a hacker cannot cause your application to run arbitrary SQL commands. Validating the supplied user name during a logon process is particularly vital as your application’s security model is entirely dependent on being able to correctly and securely authenticate users.
For more information about validating user input for SQL commands and for validation functions, see “SQL Injection Attacks” in Chapter 12, “Data Access Security.”
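The two concepts above (a salted one-way password digest, and user input that is validated and kept out of the SQL text) in one added example that is not part of this How To. It uses an in-memory SQLite table in place of SQL Server 2000, PBKDF2-HMAC-SHA256 rather than a single hash pass over salt and password, and an assumed user-name pattern; the table and function names are assumptions.

```python
# Added example, not code from the How To. SQLite stands in for SQL Server 2000;
# the digest is PBKDF2-HMAC-SHA256 (a salted, iterated one-way hash), and the
# user-name pattern below is an assumed policy, not one the How To specifies.
import hashlib
import hmac
import os
import re
import sqlite3

ITERATIONS = 100_000
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")  # assumed allowed pattern


def create_salt() -> bytes:
    # 16 random bytes from the operating system's CSPRNG, one salt per user
    return os.urandom(16)


def hash_password(password: str, salt: bytes) -> bytes:
    # One-way digest of salt + password; the password cannot be recovered from it
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user_store() -> sqlite3.Connection:
    # Stores the salt, the digest and a password hint, never the password itself
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT PRIMARY KEY, Salt BLOB, "
                 "PasswordHash BLOB, PasswordHint TEXT)")
    return conn


def add_user(conn: sqlite3.Connection, user_name: str, password: str, hint: str) -> None:
    if not USERNAME_RE.match(user_name):
        raise ValueError("user name fails validation")
    salt = create_salt()
    conn.execute("INSERT INTO Users VALUES (?, ?, ?, ?)",
                 (user_name, salt, hash_password(password, salt), hint))


def validate_user(conn: sqlite3.Connection, user_name: str, password: str) -> bool:
    # Reject user names outside the allowed pattern before they reach SQL
    if not USERNAME_RE.match(user_name):
        return False
    # Parameterized query: the user name is bound, never concatenated into the text
    row = conn.execute("SELECT Salt, PasswordHash FROM Users WHERE UserName = ?",
                       (user_name,)).fetchone()
    if row is None:
        return False
    salt, stored_hash = row
    # Recompute the digest with the stored salt and compare in constant time
    return hmac.compare_digest(hash_password(password, salt), stored_hash)
```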