Below is my create script of user
CREATE LOGIN [sa] WITH PASSWORD=N'ô/PDM643¸}''8%õ''f;âw¡ÈS'
Can you tell me this password please?
I would say its [ ô/PDM643¸}'8%õ'f;âw¡ÈS ].
select N'ô/PDM643¸}''8%õ''f;âw¡ÈS'
Double quotes like: '' makes just one ' at the end.
And shouldn't forget that N'somestirng' not really the same as 'somestring'.
N'somestirng' - stores 2 bytes/char
'somestirng' - stores 1 bytes/char
So if there is some special characters like in this case- it makes difference.
That password is a one way hash of the original password entered. No one here is going to be able to decrypt it without generating a rainbow table based on the way it was hashed.
So, if you've lost the password then you need to login into the machine using the administrator account and change it.
If you're just trying to hack a sql server... well, I don't think anyone needs to give you more advice.
Related
I am new to programming...
I know this probably is the best way to do an Offline login page
but
MYSQL users db (consists of usernames, passwords, id) is 'downloaded' from a php script to iOS device.That part works, and the users print to the console.
What I am struggling with is, checking the textfield where the user enters their username to the 'usersArray' to see if it exists at index[0]
Any help is appreciated.
I'm not entirely sure what you are trying to do here but I think you are trying to take the value of a text field and see if that value appears in your usersArray. Provided this is the case try:
let exists = usersArray.contains(usernameTextField.text)
This will give you a Bool that indicates if the username exists in your array.
Side Note:
Hopefully you are only doing some general testing at the moment but in case you aren't… Please don't send passwords in plain text and absolutely don't download all usernames and passwords even in an encrypted format to a device! Aside from potentially taking up a large amount of space on the user's device you would be making it very easy for unscrupulous people to crack every user password in your database!
I have a local Silverstripe instance but I cannot login and the owners are battling to find their login details. I have the DB so how can I find the Users table and edit it, or make myself an admin account? Thanks
Despite having solved your problem, you did not answer your own question :-). For Google's sake I will try...
The user table is called "Member". It has got the email address and the password in it. You can not manually change the password here, as it is hashed. What you can do is change the email address and use the "forgot password" functionality (in case the client can't do that himself), change the password for the client through the application backend (cms) and change the email address back to its original value. If you are wondering what the MemberPassword table does: AFAIK it only stores a copy of all used passwords by a user (password history)
When you want to make an account administrator, you should first take a look at the Group table and look for "administrators" in the "Code" Column. Take that ID (normally, this would be 2). After that, take a look in the Member table, and look for the user you want to make an admin. Take the ID here as well.
Next, open the Group_Member table and insert a new row (or change the existing if you want) and specify the group id under GroupID and the member id under MemberID.
Adding Security::setDefaultAdmin('admin','admin'); to the _config.php also works, but don't forget to remove it afterwards, just as any phpmyadmin or equivalent that you installed :-)
Just found this add Security::setDefaultAdmin('username', 'password'); to mysite/_config.php. Worked like a bomb!
Create a file _ss_environment.php in the webroot (or the folder above it) if it doesn't already exist. Add these two lines to the bottom:
define('SS_DEFAULT_ADMIN_USERNAME','admin');
define('SS_DEFAULT_ADMIN_PASSWORD','password');
I couldn't come up with a better title, so here is what I'd like to do in an Active Directory (Windows 2008 R2):
A user forgot his password and asks an admin to set his password to a new, randomly generated password. Using this random password, the user logs in again and is prompted to change his password (via having the pwdLastSet option set to 0 when setting the random password).
So far, so good.
Is there a way to enforce that the new random password is only valid for a certain amount of time? The only idea I could come up with was to also set the accountExpires property to "now + n hours", but this poses the problem that I'd have to reset this property as soon as the user legitimatly changes his password within the given time frame, and I don't know how to do that.
Is this at all possible using Windows functionality?
if you have a PasswordExpire date field for each password you can use that. if you don't have, i would recommend you create one.
if you don't want this kind of field you can create a database/file/any other way you choose that contains temporary passwords and their expire date/time
there are many other ways to do it. you need to decide the best for you and if you need help come to use with a problem, this is more a recommendation question.
I'm trying to get a user by email or username from the database, imagine functionality that a user can login either with unique alias or email address, I thought the following would work but it doesn't,
User user =
coll.findOne(DBQuery.is("email", emailOrUsername).or(DBQuery.is("username", emailOrUsername)));
anything i'm missing?
Ok, So apparently the way to create the above query is this:
coll.findOne(DBQuery.or(DBQuery.is("email", emailOrUsername),DBQuery.is("username", emailOrUsername)));
I still don't know what the first query in the original question supposed to do.
I have a stored procedure which has to get a password from my Users table.
I am using a Username as a parameter. What is the best way to get the row where the Username field's contents match the Username parameter, and then the password (as this is the Username/password pair for one user).
Cursors are one way to iterate over a rowset but these aren't desirable.
I am on Sql Server 2005.
It sounds like you just need a standard SELECT query:
SELECT username_column, password_column
FROM your_table
WHERE username_column = #usernameparam
(Or am I misunderstanding the question?)
get a password from my Users table
This is your first problem: NEVER store real passwords in a database. Look into the HashBytes() function and use that for password matching. If you think you need to keep a real password around, perhaps to allow users to recover lost passwords, go talk to the folks over at reddit.
way to iterate over a rowset
This is your second problem. You're thinking in terms of iterating over the rows yourself. This is called imperative programming. While imperative code works great for your normal client code, it's backwards when you're working with a database. Instead, you want to start using declarative programming and think in terms a sets: you write some code that declares to the database the set of records you need returned:
SELECT [password] /*shudder*/ FROM [table] WHERE [username] = #username
SELECT
password
FROM
table
WHERE
username = #username
Assuming that your users table has the columns UserName and Password then a SELECT will work just fine.
SELECT username, password FROM Users WHERE username = #username
However, storing passwords in this manner might not be the best idea security wise.