Re: Application Roles

From: SQL Server Development Team [MSFT] (
Date: 12/18/02

From: "SQL Server Development Team [MSFT]" <>
Date: Wed, 18 Dec 2002 10:26:46 -0800

You could store the password in the registry or in the file system using the
CryptProtectData API to encrypt the password based on either the machine
credentials or the user's credentials. Of course this means a smart user
(or hacker) could get the data back by getting the user to run something on
their behalf...

-Richard Waymire
Group Program Manager, SQL Server
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
"Gary Murphy" <> wrote in message
> I have a question concerning SQL Server Application
> roles.  I want to use application roles in a new
> application we are developing inorder to prevent users
> from using tools like SQL analyzer or MS access from
> accessing the database directly.
> I don't like the idea of hardcoding a password in the
> application code for the application role.
> Any suggestions on how I can use "application roles" and
> somehow encrypt the password so it doesn't show up in the
> application code?
> Thanks...