BCrypt Hashed Password Truncated in The Database

StackOverflow https://stackoverflow.com/questions/9281181

문제

I'm using .Net implementation of BCrypt for storing passwords in the database. The password column is VARCHAR(MAX)

This is the code that updates the Password via stored procedure: 

Update [User] 
Set [Password]= @NewPassword, 
ModifiedOn = GetDate(),
ModifiedBy = 'PasswordChanger'
Where [UserName] = @UserName

For some users, the password gets truncated. An example after truncation is: $2a$12$XM2

This is not the case always.

Please help me understand what could cause the truncation?

UPDATE:

Here is the C# code that calls the SP to update the password: 

string HashedPassword;
int NumberOfRowsAffected;
try
            {
                Database jss = DatabaseFactory.CreateDatabase();
                HashedPassword = BCrypt.HashPassword(txtPassword.Text, BCrypt.GenerateSalt(12));
                NumberOfRowsAffected = jss.ExecuteNonQuery("procUpdatePassword", GetLogin(HttpContext.Current.User.Identity), HashedPassword);
                if (NumberOfRowsAffected > 0)
                    lblStatus.Text = "Password updated.";
                else
                {
                    lblStatus.Text = "Password not updated for this user.";
                }

            }
            catch (Exception ex)
            {
                lblStatus.Text = "Password was not changed due to an error.";
                lblStatus.Text += ex.ToString();
            }
도움이 되었습니까?

해결책

  1. Please check your input parameter length of the password being used in Stored Procedure...
  2. Please check your Parameter length of the password being used in the C# function before calling making database request...

Finally, both side should be synchronized with the Table schema.

Sample Code...

using (SqlConnection con = new SqlConnection("Your Connection String"))
{
    using (SqlCommand cmd = new SqlCommand("Your Stored Procedure Name", con))
    {
        SqlParameter param = new SqlParameter();
        param.ParameterName = "Parameter Name";
        param.Value = "Value";
        param.SqlDbType = SqlDbType.VarChar;
        param.Direction = ParameterDirection.Input;
        cmd.Parameters.Add(param);
        cmd.ExecuteNonQuery();
    }
}

Note - If not explicitly set, the size is inferred from the actual size of the specified parameter value.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top