validating password


yapjiwen
04-13-2004, 09:45 AM
Hi there,

MS Access seems to ignore case sensitivity and it is proving a problem as I need my password to be sensitive.

Is there any way to make my password case sensitive or, in other words, how do I validate my password and make sure it is exactly the same as the one in Access?

My code:

if not isempty(Request.Form("Enter")) then set RSUser = conn.Execute("select * from Employee where user_id = '"&Request.Form("userid")&"' and password = '"&Request.Form("password")&"'")
.
.
.


I do not know what else I need to add to implement case sensitivity. Anyone?
Thanks in advance.

raf
04-13-2004, 02:42 PM
Hmm. I found nothing in the help function (which kinda surprised me).
My fix would be to store encoded or hashed passwords --> extra security + you then automatically have a case-sensitive match.

Morgoth
04-13-2004, 06:08 PM
Hmm. I found nothing in the help function (which kinda surprised me).
My fix would be to store encoded or hashed passwords --> extra security + you then automatically have a case-sensitive match.
This is what I would do.

oracleguy
04-13-2004, 07:27 PM
Yeah use something like MD5 to store your passwords, then you'd get your case sensitivity.

glenngv
04-14-2004, 03:55 AM
Also, I would not add the password check in the WHERE clause, just the username (you wouldn't want to be attacked by SQL injection method). Then just do:

If Not RSUser.BOF And Not RSUser.EOF Then
    If RSUser.Fields("password") = Request.Form("password") Then
        'password correct
    Else
        'password incorrect
    End If
Else
    'username does not exist
End If

raf
04-14-2004, 08:30 AM
If you match against an encoded/hashed password, then SQL-injection is impossible.

Even for an undecoded or hashed match, you had better check the submitted password at the top of your code (with a regex) to exclude SQL injections and immediately stop processing the script.
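
Added example, not part of the thread: Python with sqlite3 standing in for ASP and Access, showing the user looked up by name only through a bound parameter and the password verified as a salted hash in application code, which makes the match case-sensitive. The salt and pw_hash columns, the use of PBKDF2 in place of the MD5 mentioned above, the iteration count and the sample account are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; 'Secret' and 'secret' give different digests."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_db() -> sqlite3.Connection:
    """Constructed sample table. COLLATE NOCASE imitates the case-insensitive
    text comparison the thread describes for Access."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Employee (user_id TEXT COLLATE NOCASE PRIMARY KEY,"
        " salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO Employee VALUES (?, ?, ?)",
        ("alice", salt, hash_password("S3cret!Pass", salt)),  # constructed account
    )
    return conn


def check_login(conn: sqlite3.Connection, user_id: str, password: str) -> bool:
    """Fetch by user name with a bound parameter, then compare hashes here,
    so no form value is ever concatenated into the SQL text."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM Employee WHERE user_id = ?", (user_id,)
    ).fetchone()
    if row is None:
        # Unknown user: still hash once so timing does not reveal valid names.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Byte-for-byte, constant-time comparison of the two digests.
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    print(check_login(db, "alice", "S3cret!Pass"))  # exact password
    print(check_login(db, "alice", "s3cret!pass"))  # same letters, wrong case
```
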

yapjiwen
04-14-2004, 10:43 AM
Ok, thanks guys... I'll try to work it out... :thumbsup:

Roy Sinclair
04-14-2004, 11:13 PM
I found this possible answer: http://www.dbforums.com/archives/t308637.html

yapjiwen
04-15-2004, 07:11 AM
That was useful... :D cheers :thumbsup: