[thelist] SQL Server - Sql Question

Paul Cowan evolt at funkwit.com
Mon Jul 15 19:26:16 CDT 2002


Josh Spiegel wrote:
> I found the sys table with the usernames but I can't find the sys table
> with the passwords for the usernames.  Does anybody know the name of it?

It's all in [master].[dbo].[syslogins]. Key fields are [name], [sid], and
[password].

[name]
    = user name

[sid]
    = NT user ID (binary - use SUSER_SNAME(sid) to get the
      corresponding login)

[password]
    = umm, the password.

BUT, the p/w is NOT in plain-text: it's hashed in a one-way hashing
algorithm. When you try and login, it takes what you typed as the
password, applies the exact same hashing algorithm, and checks if they
match. Because the algorithm is one-way[1], you can't get the password
back from the hash. This is the way passwords work in most (half-decently
secure) system.

So if you're after the plain text p/w, you can't get it from SQL server.
Sorry.

Paul

[1] one-way, but not necessarily that good, as revealed in the last
    few days. See http://www.theregister.co.uk/content/4/26086.html






More information about the thelist mailing list