Is it possible to authenticate a Sqlanywhere system user without creating a new database connection?

Question

In Sybase Sqlanywhere, system users are stored in sys.sysuser.

Here is an example row from the table, for the user 'dba' with the password 'sql'.

user_id 1
object_id 175
user_name 'DBA'
password 0x013819f1b5d5a9fd1ba98e5b999239277b6296bee4bc28653802cd103d50fa76141aef7500
login_policy_id 173
expire_password_on_login_policy_id 0
password_creation_time '2012-02-23 11:24:32.000'
failed_login_attempts 0
last_login_time '2012-06-27 17:33:00.000'

I want to know how the password is hashed, or if anybody knows of a procedure or function that can be called to authenticate a username password combination in Sqlanywhere.

did you ever figure out the specifics of the hashing algo that is used? — David Murdoch, Jan 14 '14 at 21:45

Graeme Perrow · Accepted Answer · 2014-01-14T20:22:58.573

3

Passwords in SQL Anywhere are hashed using the SHA-256 algorithm, but the exact method of doing this is unpublished. In version 16.0 or later, you can use the sa_verify_password() stored procedure to verify the password of the current user.

If you want to verify a password for a different user, or if you are using a server prior to v16, the only way to verify a password is to attempt a connection using that password.

Disclaimer: I work for Sybase in SQL Anywhere engineering.

edited Jan 14 '14 at 20:22

answered Jul 12 '12 at 12:25

Graeme Perrow

56,086
21
82
121

I don't imagine you feel like publishing this information somewhere? – David Murdoch Jan 14 '14 at 19:20
No, but I did update my answer to include a new function available in version 16.0. – Graeme Perrow Jan 14 '14 at 20:23
Cool. Do you mind glancing at http://stackoverflow.com/questions/21101024/sybase-database-password-recovery? – David Murdoch Jan 14 '14 at 20:39

Is it possible to authenticate a Sqlanywhere system user without creating a new database connection?

1 Answers1