Validation of Password

Question

4.00/5 (1 vote)

See more:

Hi,

I have an application with MS-Access as backend.
When i checked entered password with database password, the system ignore cases (let me give an example, actual password is Test but if i type test/TeSt/TEST also it is allowing me to login.)
How to fix this ?

any help ?

here is my code

VB

Try
            cn.Open()
            cmd = New OleDbCommand("select *from Login where uname='" & TextBox4.Text & "' and pwd='" & TextBox3.Text & "'", cn)
            rs = cmd.ExecuteReader
            If rs.HasRows Then
                Session("validated") = True
                Response.Redirect("home.aspx")
            Else
                Label4.Visible = True
                Label4.Text = "Wrong UserName or Password, Try Again!!"
                TextBox3.Focus()
            End If
            cn.Close()
        Catch ex As Exception
            cn.Close()
        End Try
        If TextBox4.Text = "" Then
            Label4.Visible = True
            Label4.Text = "Please Enter UserName"
        ElseIf TextBox3.Text = "" Then
            Label4.Visible = True
            Label4.Text = "Please Enter Password"
            TextBox3.Focus()
        End If

Posted 15-Jun-11 20:31pm

Donthi Thirupathi Reddy

Updated 15-Jun-11 20:51pm

koolprasad2003

v3

Add a Solution

3 solutions

Solution 1

Post the code where you are comparing the entered value with the DB value. Use "StringComparison" enum in the string.equals method like:
string.Equals("test", "Test", StringComparison.CurrentCulture);

Posted 15-Jun-11 20:34pm

RakeshMeena

Updated 15-Jun-11 20:37pm

v2

Solution 3

Don't store password in its original form, ever.

Please see the answers in this discussion (my answer is there, too, but you look at all of the answers): Password saving .NET[^].

—SA

Posted 15-Jun-11 22:48pm

Sergey Alexandrovich Kryukov

Comments

koolprasad2003 16-Jun-11 6:46am

Good one

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

koolprasad2003 · Accepted Answer · 2011-06-15T20:46:00

Solution 2

Fetch password from database with the help of UserName and then compare entered password value with fetched one.

Posted 15-Jun-11 20:46pm

koolprasad2003

Comments

Donthi Thirupathi Reddy 16-Jun-11 2:59am

Thanx, your idea Solved my problem

koolprasad2003 16-Jun-11 3:02am

well done

[no name] 16-Jun-11 3:00am

Well said Koolprasad.

koolprasad2003 16-Jun-11 3:03am

thankx