Tuesday, March 27, 2012

Field Encryption

I want to save passwords in an encrypted format in my database. Is there a built-in function of SQL Server to encrypt these, or should I use my own algorithm?
TIA,
Will T

There is none built-in. You can search the archives of this newsgroup for some ideas. Also check:
www.sqlsecurity.com
Anith

See:
http://www.microsoft.com/technet/pr...n/sp3sec03.mspx
Storing Credentials
Avoid storing credentials in any form. The best practice is to use only
Windows Authentication and never handle credentials at all. If your
application must connect with a system outside a trusted domain, however,
credential management may become necessary. In this case, the best practice
is to encrypt the credentials using the DPAPI and save them in a registry
key that uses an ACL.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

If you are storing user passwords for your application and need a small level of encryption to use, try the undocumented
PWDENCRYPT:
String function used to encrypt a string using SQL Server's password encryption algorithm.
SELECT PWDENCRYPT('string')
and
PWDCOMPARE
String function used to compare an unencrypted string to the value returned by the PWDENCRYPT function.
-- Compare the clear-text string 'sa' with the stored password of the sa login
SELECT CASE ISNULL(PWDCOMPARE('sa', (SELECT password FROM master.dbo.syslogins WHERE name = 'sa')), 0)
    WHEN 0 THEN 'Not the same'
    WHEN 1 THEN 'Password the same as the login'
END
No real decrypt function available.
These two encryption functions are what SQL Server uses to store its own passwords, and are not extremely strong. Commercial products are available that are much stronger.
Randy
www.Database-Security.Info

To add to Randy's response, one shouldn't use undocumented features in
production code. These may be changed in future SQL Server versions or
service packs and break your application.
Hope this helps.
Dan Guzman
SQL Server MVP
"Will T" <anonymous@.discussions.microsoft.com> wrote in message
news:158D0D8C-1B5B-4633-AA05-0FAAC0352826@.microsoft.com...
> I want to save passwords in an encrypted format in my database. Is there a
> built-in function of SQL Server to encrypt these, or should I use my own
> algorithm?
> TIA,
> Will T

pls send reply sooooooooooooon
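The PWDENCRYPT / PWDCOMPARE approach from Randy's reply, applied to an application's own user table. This is an added example, not code from any poster in the thread; the table, column and procedure names are hypothetical, and Dan's caveat about relying on undocumented functions applies to it.

```sql
-- Added example. dbo.AppUser and both procedures are hypothetical names.
CREATE TABLE dbo.AppUser (
    UserName nvarchar(128)  NOT NULL PRIMARY KEY,
    PwdHash  varbinary(128) NOT NULL  -- PWDENCRYPT returns binary data, not text
);
GO

-- Store only the PWDENCRYPT output; the clear-text password never reaches the table.
CREATE PROCEDURE dbo.AppUser_SetPassword
    @UserName nvarchar(128),
    @Password nvarchar(128)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE dbo.AppUser
       SET PwdHash = PWDENCRYPT(@Password)
     WHERE UserName = @UserName;
    IF @@ROWCOUNT = 0
        INSERT INTO dbo.AppUser (UserName, PwdHash)
        VALUES (@UserName, PWDENCRYPT(@Password));
END
GO

-- Sets @IsMatch to 1 on a match and to 0 otherwise, including for an unknown
-- user, so the caller cannot tell "no such user" from "wrong password".
CREATE PROCEDURE dbo.AppUser_CheckPassword
    @UserName nvarchar(128),
    @Password nvarchar(128),
    @IsMatch  bit OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT @IsMatch = ISNULL(
        (SELECT PWDCOMPARE(@Password, PwdHash)
           FROM dbo.AppUser
          WHERE UserName = @UserName), 0);
END
GO

-- Constructed sample data: one stored password, one right and one wrong attempt.
EXEC dbo.AppUser_SetPassword N'will', N'correct horse';
DECLARE @ok bit;
EXEC dbo.AppUser_CheckPassword N'will', N'correct horse', @ok OUTPUT;
SELECT @ok AS RightPasswordMatches;
EXEC dbo.AppUser_CheckPassword N'will', N'wrong guess', @ok OUTPUT;
SELECT @ok AS WrongPasswordMatches;
```

PWDENCRYPT salts its output, so two calls on the same string return different values; verification has to go through PWDCOMPARE rather than an equality test on two PWDENCRYPT results.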
