问题
I have a program in which the user needs to login with user name and password.
I'm checking the name from the sys.syslogins table in master db.
But for the password I receive a string with (probably) coded characters like this (1?????????????).
Now what can I do in order to decode that string and take the password in order to compare with the enter it one?
回答1:
Try this:
SELECT name FROM sys.syslogins
WHERE pwdcompare('somepassword', password) = 1
Edited to replace double quotes with single quotes.
回答2:
You can't decode sys.syslogins: it's a one way hash.
You compare like for like if it uses the same technique or run it through pwdcompare
Note: it's also sys.sql_logins in SQL Server 2005+
Also, why would you use SQL Server logins to validate a user? It doesn't make sense...
来源:https://stackoverflow.com/questions/4081651/how-to-decode-password-from-sys-syslogins-table