Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
noonz
Starting Member
33 Posts |
 Posted - 2010-04-11 : 11:29:59
|
| So I have this front end store system, where users can purchase items from me.It all runs off .NET with a SQL 2005 backend.However, in the utility to manage the logins, there is no option to add admin logins, only use the one that comes with it, "admin"I found the table where this "admin" login info is kept, I added a row but the username does not want to login.I am using the same hashed password as the data on the "admin" row, however, I did notice it has a GUID assigned, I tried to assign one just like it only bringing the last number +1, so it went from0000001686E28004559303178 to 0000001686E28004559303179I do not really see anything else unique within the columnsWhat could be happening to not let my newly inserted data login to the admin panel of this site?Please let me know if you need more info..ugh i am so stuckI even tried deleting the default constraint for that GUID column, "AdminGUID"..no luck |
|
|
DBA in the making
Aged Yak Warrior
638 Posts |
Posted - 2010-04-11 : 12:28:27
|
| Hashed passwords in tables quite often have a salt. This means adding something else to the password before hashing it. Username is a common on. eg, you create a login 'bob' with password 'fred'. The username field is populated with 'bob', and the password field is populated with hashFunction('bobfred'). When bob logins in, it hashes his username + password, and looks for a match.This way, if you copy the record, and change the username, it will no longer match the hash. As to you question, if it's a custom authentication + authorisation system, the could be any number of reasons. There could be a flag that's set for the user record, to indicate an admin user. But as there's no user interface to create admin users, my guess is that the software is hard coded to recognize the admin login as the privileged user account. If that's the case, you're stuck. Have you tried contacting the vendor and asking them?------------------------------------------------------------------------------------Any and all code contained within this post comes with a 100% money back guarantee. |
 |
|
|
noonz
Starting Member
33 Posts |
Posted - 2010-04-11 : 12:44:34
|
| Hey there!Thanks for the info..I just went through the entire 1.5 meg .sql file to look around but found nothing.I have just emailed the vendorIt does allow you to create logins for the store (buyers), but not any additional admin loginsSince it allows me to create additional regular purchaser user accounts, would there be anything i could check then? Possibly to see how the regular users are getting encrypted? There is a flag to turn encryption off...but I don't think that would be too safe to do |
|
|
|
DBA in the making
Aged Yak Warrior
638 Posts |
Posted - 2010-04-11 : 13:42:33
|
| I doubt there'd be a flag to turn off encryption. Best you could hope for would be a flag to indicate the user is an admin user. Have a look at the table that store the logins. See if you can see anything that's different between the admin user and the other users.------------------------------------------------------------------------------------Any and all code contained within this post comes with a 100% money back guarantee. |
|
|
|
noonz
Starting Member
33 Posts |
Posted - 2010-04-11 : 16:36:33
|
| They are completely different tables, the admin is in the admin table and the users get put into the users table with different columns in both.So weird, no way to check encryption eh? Would someone agree that it is probably an issue with the GUID on the admin I am trying to add to the admin table? |
|
|
|
|
|
|
|
|
Help with this SQL backend for VB.NET web app