Case sensitivity / SQL server

Using Django
1

Everything I have read about Django indicates that ORM queries are case sensitive. However I am finding that my initial, very basic attempts at this kind of code are not case sensitive.

My model is connected to a SQL server database and I am wondering if that’s the reason for the deviation.

It’s not an issue, I prefer case insensitivity; but there are times when I do need to apply case sensitivity:

class CGUBackend(BaseBackend):
    def authenticate(self, request, username=None, password=None):
        #Make sure the username and password are both provided
        if username==None or password==None:
            return None

        try:
            userValidObj = vwSTAFF.objects.get(EMPLOYEE_NUMBER=username, PASSWORD=password)
        except Exception as ex:
            return None

I really do need to enforce case sensitivity on the password.

The code above should be case sensitive shouldn’t it? And I then need to talk to the people who’ve developed the MSSQL package to find out how to apply that sensitivity when needed.

2

(You’ve got a “plain text” password in your database???)

I would expect this to be case-sensitive.

Check the query being generated - see if Django is possibly creating a case-insensitive query in this situation.

3

The passwords are strong, but essentially plain text, yes. But now you come to mention it I’m not sure there is any technical reason why we can’t use an encrypted password in such a direct way. I’ve posted a separate question relating to this matter, but I’ll have a chat with the DBAs and see what they say.

The query generated is

SELECT TOP 21 [STAFF].[STAFF_CODE], [STAFF].[EMPLOYEE_NUMBER], [STAFF].[PASSWORD] FROM [STAFF] WHERE ([STAFF].[EMPLOYEE_NUMBER] = %s AND [STAFF].[PASSWORD] = %s)

In SQL server that sql statement is not case sensitive. So in this instance I need to use some raw SQL or better still a sproc call.