I'm trying to hash and update an old database which has thousands of plain text passwords. Heres the code I have been testing:
var sql = "Select ID, Password From Customer Where Hash is null AND Len(Password) > 0";
var hashData = db.Query(sql);
//Loop through records
foreach (var legacyPassword in hashData)
{
//Hash Legacy Passwords
var newPassword = Crypto.HashPassword(legacyPassword.Password);
//Create New Unique Identifier
var newGuid = Guid.NewGuid().ToString();
// Remove the hyphens
newGuid = newGuid.Replace("-", string.Empty);
//Update the database with new values
var sqlUpdate = "Update Customer Set HashPassword = @0, Hash = 1, Guid = @1 Where Hash is null AND Len(Password) > 0";
db.Execute(sqlUpdate, newPassword, newGuid);
The problem I have is that this does not seem to evaluate each users password and subsequently hash it (it inserts the same hash string for all records). The same is happening with the GUID identity.
If anyone can point me in the rigth direction it would be a great help :)
var sqlUpdate = "Update Customer Set HashPassword = @0, Hash = 1, Guid = @1 Where Hash is null AND Len(Password) > 0";
With every iteration you are updateing every legacy pasword in the database. I'm guessing about the definition of the lagacyPassword type byt the update statment should be something like this:
var sqlUpdate = "Update Customer Set HashPassword = @0, Hash = 1, Guid = @1 where id = lagacyPassword.ID";
1jus
Member
8 Points
41 Posts
Hash thousands of legacy passwords?
Dec 28, 2012 09:31 PM|LINK
Hi all,
I'm trying to hash and update an old database which has thousands of plain text passwords. Heres the code I have been testing:
var sql = "Select ID, Password From Customer Where Hash is null AND Len(Password) > 0"; var hashData = db.Query(sql); //Loop through records foreach (var legacyPassword in hashData) { //Hash Legacy Passwords var newPassword = Crypto.HashPassword(legacyPassword.Password); //Create New Unique Identifier var newGuid = Guid.NewGuid().ToString(); // Remove the hyphens newGuid = newGuid.Replace("-", string.Empty); //Update the database with new values var sqlUpdate = "Update Customer Set HashPassword = @0, Hash = 1, Guid = @1 Where Hash is null AND Len(Password) > 0"; db.Execute(sqlUpdate, newPassword, newGuid);The problem I have is that this does not seem to evaluate each users password and subsequently hash it (it inserts the same hash string for all records). The same is happening with the GUID identity.
If anyone can point me in the rigth direction it would be a great help :)
Thanks in advance.
Jus
RichardY
Star
8376 Points
1573 Posts
Re: Hash thousands of legacy passwords?
Dec 28, 2012 09:39 PM|LINK
With every iteration you are updateing every legacy pasword in the database. I'm guessing about the definition of the lagacyPassword type byt the update statment should be something like this:
var sqlUpdate = "Update Customer Set HashPassword = @0, Hash = 1, Guid = @1 where id = lagacyPassword.ID";
1jus
Member
8 Points
41 Posts
Re: Hash thousands of legacy passwords?
Dec 28, 2012 09:51 PM|LINK
Thanks Richard, spot on!
Sorry that was a bit of a school boy error now that you've pointed it out.
Many thanks,
Jus