Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 how to encrypt a single field like password field

Author  Topic 

jeb0323
Starting Member

26 Posts
Posted - 2006-05-25 : 15:30:46
without writing code in my application? Does SQL Server have stored procedure to do it?

Any help is appreciated.

Thanks.

robvolk
Most Valuable Yak

15732 Posts
Posted - 2006-05-25 : 16:25:12
There is an undocumented encrypt function. Let's just say, it's better that it's undocumented and you don't use it. (read: weak encryption) Plus there's no built-in way to decrypt.

You can Google for "sql server encryption extended procedures" and you'll find some stuff you might be able to use.
Go to Top of Page

eyechart
Master Smack Fu Yak Hacker

3575 Posts
Posted - 2006-05-25 : 16:29:22
It might be easier to accomplish from your application. That would be a little more secure too, since the password data would be tranferred across the network in it's encrypted form.

There are many free encryption libraries available if you google for it. Here is a good place to start http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 and http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm



-ec
Go to Top of Page

jeb0323
Starting Member

26 Posts
Posted - 2006-05-25 : 16:34:22
Thanks. I will take a look at these two websites.
Go to Top of Page

Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)

7020 Posts
Posted - 2006-05-25 : 18:45:15
For the best password security, you should not encrypt the password. Instead, you should hash the password. Only the password hash is stored in the database, so there is nothing that can be decrypted.

When a user logs in, run their password through the hash routine, and send that to to database server to compare to the hashed password.

This way, the password is never stored in the database, and is never sent over the network to the database server.


CODO ERGO SUM
Go to Top of Page

khtan
In (Som, Ni, Yak)

17689 Posts
Posted - 2006-05-25 : 20:43:59
You can also have a look at this. http://www.sqlservercentral.com/columnists/mcoles/sql2000dbatoolkitpart1.asp

KH
Go to Top of Page

afrika
Master Smack Fu Yak Hacker

2706 Posts
Posted - 2006-05-25 : 20:45:40
see this
http://www.activecrypt.com or get in touch with user activecrypt
Go to Top of Page

mr_mist
Grunnio

1870 Posts
Posted - 2006-05-26 : 03:48:07
This depends somewhat on if you're using 2005. 2005 natively supports column level encryption based on keys and certificates, it's far better than 2000 was.

-------
Moo. :)
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site