Hello All,
If I am storing passwords in a table within SQL Server 2000. Is there a way
to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
can not see them?
If this is not possible, what is the recommended way to HIDE passwords from
the SQL Server Administrator?
thans...SQL 2000 does not have built in tools for encryption but it support 3rd part
y
solutions.
check out the link below
http://www.sqlservercentral.com/col...oolkitpart1.asp
and also this one is pretty popular not free but not expensive
http://www.xpcrypt.com/
Good day,
Bulent
"MSUTech" wrote:
> Hello All,
> If I am storing passwords in a table within SQL Server 2000. Is there a w
ay
> to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
> can not see them?
> If this is not possible, what is the recommended way to HIDE passwords fro
m
> the SQL Server Administrator?
> thans...|||Hello,
Please use the password encrytion from your application side and stored the
encrypted data into database.
Thanks
Hari
"MSUTech" <MSUTech@.discussions.microsoft.com> wrote in message
news:5D6620EA-05C0-4044-9D1B-497261028F16@.microsoft.com...
> Hello All,
> If I am storing passwords in a table within SQL Server 2000. Is there a
> way
> to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
> can not see them?
> If this is not possible, what is the recommended way to HIDE passwords
> from
> the SQL Server Administrator?
> thans...|||One common method of storing passwords securely in a database is to use a
one-way hash function on the password and store the hashed value in the
database instead of encrypting it. You'll probably want to use an
SHA-family (or other secure) hash function (MD5-family hashes and many other
hash functions are not considered secure). Using this method you'll do
something like this:
-Initially you hash the password and store the hashed value in the database
in a VARBINARY or BINARY column.
-When you need to validate, accept an input string from the user and hash
that string using the same algorithm. Then compare the hashed user input
string to the hash of the password stored in the database.
The down-side is that once you hash a password you can't retrieve it's
original value as you can with encryption/decryption (hence the term
"one-way hash"). This is generally not a problem, however. You can perform
the hashes client-side with .NET or the Windows CryptoAPI or server-side
with extended procedures like these
http://www.sqlservercentral.com/col...oolkitpart1.asp
Other options include using .NET or CryptoAPI to encrypt/decrypt your
password client side, or using server-side extended procedures to do the
job.
"MSUTech" <MSUTech@.discussions.microsoft.com> wrote in message
news:5D6620EA-05C0-4044-9D1B-497261028F16@.microsoft.com...
> Hello All,
> If I am storing passwords in a table within SQL Server 2000. Is there a
> way
> to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
> can not see them?
> If this is not possible, what is the recommended way to HIDE passwords
> from
> the SQL Server Administrator?
> thans...|||Not that this is immediately helpful, but encryption is built into SQL 2005
so that you can do this without having to move it to the business layer. In
2000, as other have pointed out, you would build this into the CRUD object o
r
the business layer accessing the field.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL
Remember: Marking helpful answers helps everyone find the info they need
quickly.
"MSUTech" wrote:
> Hello All,
> If I am storing passwords in a table within SQL Server 2000. Is there a w
ay
> to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
> can not see them?
> If this is not possible, what is the recommended way to HIDE passwords fro
m
> the SQL Server Administrator?
> thans...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment