If my table inside the database look like: userid uniqueidentifier username varchar(20) password varbinary(max)

Question

0

Asked: May 12, 20262026-05-12T06:53:02+00:00 2026-05-12T06:53:02+00:00

If my table inside the database look like: userid uniqueidentifier username varchar(20) password varbinary(max)

0

If my table inside the database look like:

 userid uniqueidentifier
 username varchar(20)
 password varbinary(max)

When the user submit(to register), I send the user/pass to a stored procedure.

The stored procedure create a new GUID(Using NEWID()) then I use the HashBytes(sha1) function of SQL Server to create the password based on the GUID+password provided then I insert the values into the table above.

When the user submit(to login), I send the user/pass to a stored procedure.

The stored procedure look for the username and grab the userid to compare the hashbyte(sha1) of guid+password with the password field.

do you see any flaw inside that logic?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T06:53:02+00:00

Editorial Team

2026-05-12T06:53:02+00:00Added an answer on May 12, 2026 at 6:53 am

That’s pretty standard – a guid would be fine for a salt. The point of a salt is to prevent Rainbow attacks, and pretty much any value that’s random (or even if not random, then at the very least, different) for each user will do the trick.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

If my table inside the database look like: userid uniqueidentifier username varchar(20) password varbinary(max)

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply