Re: Best way to HIDE passwords that are in a table
- From: "Mike C#" <xyz@xxxxxxx>
- Date: Sat, 14 Apr 2007 13:47:41 -0400
One common method of storing passwords securely in a database is to use a
one-way hash function on the password and store the hashed value in the
database instead of encrypting it. You'll probably want to use an
SHA-family (or other secure) hash function (MD5-family hashes and many other
hash functions are not considered secure). Using this method you'll do
something like this:
-Initially you hash the password and store the hashed value in the database
in a VARBINARY or BINARY column.
-When you need to validate, accept an input string from the user and hash
that string using the same algorithm. Then compare the hashed user input
string to the hash of the password stored in the database.
The down-side is that once you hash a password you can't retrieve it's
original value as you can with encryption/decryption (hence the term
"one-way hash"). This is generally not a problem, however. You can perform
the hashes client-side with .NET or the Windows CryptoAPI or server-side
with extended procedures like these
http://www.sqlservercentral.com/columnists/mcoles/sql2000dbatoolkitpart1.asp
Other options include using .NET or CryptoAPI to encrypt/decrypt your
password client side, or using server-side extended procedures to do the
job.
"MSUTech" <MSUTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5D6620EA-05C0-4044-9D1B-497261028F16@xxxxxxxxxxxxxxxx
Hello All,
If I am storing passwords in a table within SQL Server 2000. Is there a
way
to ENCRYPT or HIDE the passwords, so that when I run a SELECT statement, I
can not see them?
If this is not possible, what is the recommended way to HIDE passwords
from
the SQL Server Administrator?
thans...
.
- Prev by Date: Re: Security violation by my host
- Next by Date: UNSAFE ASSEMBLY problem
- Previous by thread: Re: Best way to HIDE passwords that are in a table
- Next by thread: UNSAFE ASSEMBLY problem
- Index(es):
Relevant Pages
|
|
