| Author |
Topic |
|
Fatalsniper
Starting Member
45 Posts |
 Posted - 2005-11-12 : 15:33:43
|
| Is there a password datatype(text shown with '*') in SQL Server like there is in access 2000?Thanks in advance! |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2005-11-12 : 15:42:30
|
| There is no password datatype in either product. There is an input mask in Access for passwords, but it's not a data type. |
 |
|
|
Fatalsniper
Starting Member
45 Posts |
Posted - 2005-11-12 : 16:07:01
|
| ok, how do I set an input mask for a nvarchar, varchar or ntext, field in SQL Server? |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-12 : 16:34:38
|
what do you mean by that??what input mask?there's no such thing. that should be the front end app's problem.Go with the flow & have fun! Else fight the flow  |
|
|
|
Fatalsniper
Starting Member
45 Posts |
Posted - 2005-11-12 : 16:52:26
|
| Yeah, I know. it is just that I have a USERS table, and I don't want to leave the password field to be plain text where anybody could read it. is there something to do on the server side? |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-12 : 17:05:53
|
| no.the way to do this is to encrypt the password in the frontend and save the encrypted value in the db.Go with the flow & have fun! Else fight the flow |
|
|
|
TG
Master Smack Fu Yak Hacker
6065 Posts |
Posted - 2005-11-12 : 17:41:00
|
| >>where anybody could read it.whether you encrypt the passwords or not, users should only have access to things you want them to have access to. There are lots of security models out there that solve such issues.Be One with the OptimizerTG |
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2005-11-12 : 22:21:06
|
| What language are you developing your application in fatal?MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
|
Fatalsniper
Starting Member
45 Posts |
Posted - 2005-11-13 : 01:20:27
|
| I'm using VB as FrontEnd and SQL Server 7 as BackEnd...I know I should probably encrypt password in the frontend...I just wanted to know if there was such a thing...as a mask...and also I just wanted to add users through SQL Server...not let the users handle their own passwords and information, I just denied access to users table to everybody (Except me!) and let a Stored Procedure Authenticate Users, and I thought of creating another SP to addusers that will encrypt passwords...don't even know if it's possible...There're lot of ways to do this...Don't know which one is the best, any suggestions???Thanks everybody... |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-13 : 08:21:45
|
| AFAIK yahoo, google and most of others do it like this:on registration: - user enters password into a text box - password gets encrypted/hashed/whatever to mangle it in the front end - encrypted/hashed/whatever password is stored in the tableon login: - user enters password into a text box - password gets encrypted/hashed/whatever to mangle it in the front end - encrypted/hashed/whatever passwprd passed to the server is compared with the stored encrypted/hashed/whatever password if you forget you're password they simply give you a new one.that way noone can see you password.Go with the flow & have fun! Else fight the flow |
|
|
|
SamC
White Water Yakist
3467 Posts |
Posted - 2005-11-13 : 09:56:36
|
| https:// will encrypt during transmission to the server, but it's automatically decrypted server side.If you don't want to make a big investment in encryption, you could use the crackable, but fairly secure PWDENCRYPT AND PWDCOMPARE functions which are both undocumented functions of SQL.Sam |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-11-13 : 10:05:29
|
| not to mention that .net's rynadael encryption is preety easy to implement and its secure enough.Go with the flow & have fun! Else fight the flow |
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2005-11-13 : 22:12:49
|
quote:
Originally posted by SamC
https:// will encrypt during transmission to the server, but it's automatically decrypted server side.If you don't want to make a big investment in encryption, you could use the crackable, but fairly secure PWDENCRYPT AND PWDCOMPARE functions which are both undocumented functions of SQL.Sam
Please don't do this.  If there is a good standard already out there (which there is for password encryption), make life easier on everyone and use it.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
|
|
Password datatype