Force exact case for passwords using ASP?

1. Senior Member
Join Date
Dec 1969
Posts
178

## Force exact case for passwords using ASP?

I have a site with about 50 users on it. Each one has a randomnly generate password comprised of upper and lowercase letters and numbers. Is there a way, in ASP, to make sure the user has entered in exactly the password as it is in the database (upper and lower case)?

2. Senior Member
Join Date
Dec 1969
Location
Los Angeles, CA
Posts
21,192

## Sure

dont use SQL to compare but use ASP<BR><BR>Response.Write "a" = "A"<BR>no prizes to guess what this will return <BR><BR><BR>Now if you want to do it in SQL convert to bianary

3. Senior Member
Join Date
Dec 1969
Posts
5,104

## You could...

Encrypt whatever their password is and store that in the database (better security).<BR><BR>Then, when encrypt whatever they type into the password box.<BR><BR>Compare (in the SQL string) the encrypted values. The encryption will make it case-sensitive.<BR><BR>-Doug

4. Senior Member
Join Date
Dec 1969
Posts
484

## maybe not such a good idea

anyway...<BR>this may bother users more than you think.<BR>and what is the added security?<BR><BR>number of combination is:<BR>number of letters exponanciated by the number of car.(length of password)<BR>if you make it case sensitive you are doubling the number of letter (26?) the the number of combinaison with case sensitivity is 2 (exp. password length) tmes higher (in fact less, because the factor is not exactly 2, but (26+26+10)/(26+10)<BR>provided an extra digit on password length will give you 36 times more combination on a non-sensitive password, the benefits of using case sensitivity over extending the password by one digit starts after the password lenth is 5.<BR><BR>Unless you really have strong security issues, a non-sensitive password 1 (or 2...) digits longer will make it easier for you and your users to handle.<BR>Simply use Lcase() before comparing<BR><BR>well...that is just some thougths

5. Senior Member
Join Date
Dec 1969
Location
Los Angeles, CA
Posts
21,192

## Sure you could

so are you REALLY saying to "have" case sensitive pwds you should encrypt the pwd?<BR><BR><BR><BR>

6. Senior Member
Join Date
Dec 1969
Posts
5,104

## Not quite...

.. as you stated, you CAN have case sensitive pwds, you can do it through ASP.<BR><BR>I was just offering this as another suggestion.<BR><BR>-Doug

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•