
I have a basic login for a website I am using, and I simply don't want the register to allow inserting of the same data. So far, in a stored procedure, I have:

```sql
INSERT INTO RegisteredUsers (Email, PasswordHash)
VALUES (@Email, HASHBYTES('SHA2_512', @Password))
```

How would I update this so that it does not allow duplicate records of email?

Thanks

marc_s
coderStew
  • Use a `UNIQUE CONSTRAINT`. – Thom A Jan 20 '20 at 10:59
  • Don't use that code at all. Don't try to create your own password storage scheme. What you posted is *already broken* - it's trivial to find the password simply by checking a table of pre-calculated hashes. That's why passwords are *salted* before they get hashed *at least 1000 times* – Panagiotis Kanavos Jan 20 '20 at 11:00
  • Okay, what is a better route to do this? – coderStew Jan 20 '20 at 11:00
  • Don't write your own code *at all*. Use the authentication mechanism in the web framework you use. If you use ASP.NET for example, all versions offer secure authentication – Panagiotis Kanavos Jan 20 '20 at 11:01
  • Can't agree more on the salting and hashing of passwords either. The unhashed (and unsalted) password should **never** reach the RDBMS. – Thom A Jan 20 '20 at 11:03
  • If you want to understand the principles of salting and hashing, there are plenty of [examples](https://stackoverflow.com/q/2138429/2029983) [here](https://stackoverflow.com/q/12724935/2029983) [on](https://stackoverflow.com/q/16891729/2029983s) Stack Overflow. If you don't understand them, ask a new question, referencing the parts you don't, and explain what you've tried and why it isn't working. – Thom A Jan 20 '20 at 11:05
  • Okay, so could I hash the password and then send it to the SQL? I would be hashing it through npm express for React – coderStew Jan 20 '20 at 11:07
  • You can hash (and salt) it in the application yes. Just don't forget to provide the salt to the RDBMS and store that as well; as each user's salt should be different too. – Thom A Jan 20 '20 at 11:09

0 Answers
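
The approach the comments describe (a unique email, plus a per-user salt and an iterated hash computed in the application and stored alongside the user) shown as an added example; it is not code from the question or its commenters. The in-memory `registeredUsers` map, the function names, the email normalization, the choice of PBKDF2 and the iteration count are assumptions; in SQL Server the uniqueness would be enforced by a `UNIQUE` constraint on `Email`, not by a lookup before the insert.

```javascript
// Added example: all names and parameters here are assumptions, not the asker's code.
const crypto = require('crypto');

const ITERATIONS = 210000; // assumed PBKDF2 work factor; tune for your hardware
const KEY_LEN = 64;        // bytes of derived key (SHA-512 output size)

// Stand-in for the RegisteredUsers table. The Map key plays the role of a
// UNIQUE index on Email; a real database must enforce this itself, because a
// "check, then insert" in application code races under concurrent requests.
const registeredUsers = new Map();

// Assumed normalization so that differently-cased or padded input counts as the same email.
function normalizeEmail(email) {
  return email.trim().toLowerCase();
}

// Salted, iterated hash computed in the application, so the plaintext
// password is never sent to the database. A fresh random salt per user
// defeats tables of pre-calculated hashes.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, 'sha512');
  return { salt, hash, iterations: ITERATIONS };
}

// Returns true when the row was stored, false when the email already exists
// (the case a unique-constraint violation would signal in the database).
function register(email, password) {
  const key = normalizeEmail(email);
  if (registeredUsers.has(key)) return false;
  registeredUsers.set(key, hashPassword(password)); // salt is stored with the hash
  return true;
}

// Recompute with the stored salt and iteration count, then compare in constant time.
function verify(email, password) {
  const row = registeredUsers.get(normalizeEmail(email));
  if (!row) return false;
  const candidate = crypto.pbkdf2Sync(password, row.salt, row.iterations, KEY_LEN, 'sha512');
  return crypto.timingSafeEqual(candidate, row.hash);
}
```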