Benjamin Krajmalnik
|
| Posted: 01/25/2005, 6:50 PM |
|
The CCLoginUser function has one minor flaw.
Since a query is being sent to the backend including both the login and
password, the check is a not case sensitive.
Therefore, if your password is "Password", "password" will also return as a
valid password (which in most systems is not the case).
On the next release of CCS, you may want to record the manner in which the
check is performed to retrieve the password field in the recordset and then
compare it to the password passed to the function.
While I have not looked at the other languages, I assume the same applies.
Regards,
Benjamin
|
|
|
 |
peterr
Posts: 5971
|
| Posted: 01/25/2005, 11:07 PM |
|
I believe that the password check is done correctly and is case sensitive, but depends on database configuration. If your database isn't configured for case sensitive indexing then it won't work. An additional check in the program will not help if the databse would always return a case insensitive record. And from what I've read this should be setup in the database.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
Benjamin Krajmalnik
|
| Posted: 01/26/2005, 5:37 PM |
|
Peter,
You are correct. Upon further research, i found that the collation sequence
on the backend determines whether the searches are case sensitive or case
insensitive.
I just tried sending a direct query to SQL Server 2000.
I have a table of reps.
I used a colimn called FirstName.
I searched for all records where FirstName = 'benjamin' - returend one
(although the value in the database is 'Benjamin'. The same query with
'Benjamin' also returned one record.
I guess I will contine to "overide" my CCLoginUser, since the database
against which I am working has case insensitive colation on the one hand,
but the interface requires password validation to be case sensitive (which
cannot be done properly with the function as is).
Thanks for looking into this for me.
|
|
|
|
|
