Sql Server Programming :: Encrypt or decrypt our password


	Encrypt or decrypt our password Friends, I have plan to store application passwords in there database. So how i can Encrypt or decrypt our password. Is there any other way to store the password. Regards Rahul Hi Do you use SQL Server 2005? "Rahul" <verma.car@gmail.com> wrote in message news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... - Hide quoted text - > Friends, > I have plan to store application passwords in there database. > So how i can Encrypt or decrypt our password. > Is there any other way to store the password. > Regards > Rahul HI SQL 2000 does not have any built-in column value encryption technique, you have to relay on 3rd party app. but 2005 support simple symmetric encryption VT "Uri Dimant" <u@iscar.co.il> wrote in message news:e1EgjuKYHHA.3996@TK2MSFTNGP02.phx.gbl... - Hide quoted text - > Hi > Do you use SQL Server 2005? > "Rahul" <verma.car@gmail.com> wrote in message > news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... >> Friends, >> I have plan to store application passwords in there database. >> So how i can Encrypt or decrypt our password. >> Is there any other way to store the password. >> Regards >> Rahul Hello Rahul, If it is SQL 2000, then encrypt the password in the application layer itself. If it is SQL 2005, you could use the new SYMMETRIC or ASymetric encrytions available in SQL Server itself. Take a look into the article which details the encryption with examples. http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx http://www.sqlservercentral.com/columnists/mcoles/sql2005symmetricenc... Thanks Hari "Rahul" <verma.car@gmail.com> wrote in message news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... - Hide quoted text - > Friends, > I have plan to store application passwords in there database. > So how i can Encrypt or decrypt our password. > Is there any other way to store the password. > Regards > Rahul there are undocumented functions pwdencrypt and pwdcompare in SQL 2000. ;) Hari Prasad rae: - Hide quoted text - > Hello Rahul, > If it is SQL 2000, then encrypt the password in the application layer > itself. If it is SQL 2005, you could use the new SYMMETRIC or ASymetric > encrytions > available in SQL Server itself. > Take a look into the article which details the encryption with examples. > http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx > http://www.sqlservercentral.com/columnists/mcoles/sql2005symmetricenc... > Thanks > Hari > "Rahul" <verma.car@gmail.com> wrote in message > news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... > > Friends, > > I have plan to store application passwords in there database. > > So how i can Encrypt or decrypt our password. > > Is there any other way to store the password. > > Regards > > Rahul > there are undocumented functions pwdencrypt and pwdcompare in SQL 2000. ;) These undocumented functions can break applications when behavior changes between service packs/versions. I wouldn't go there ;-) -- Hope this helps. Dan Guzman SQL Server MVP "kuNDze" <kun@gmail.com> wrote in message news:1173274028.572441.28990@q40g2000cwq.googlegroups.com... there are undocumented functions pwdencrypt and pwdcompare in SQL 2000. ;) Hari Prasad rase: - Hide quoted text - > Hello Rahul, > If it is SQL 2000, then encrypt the password in the application layer > itself. If it is SQL 2005, you could use the new SYMMETRIC or ASymetric > encrytions > available in SQL Server itself. > Take a look into the article which details the encryption with examples. > http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx > http://www.sqlservercentral.com/columnists/mcoles/sql2005symmetricenc... > Thanks > Hari > "Rahul" <verma.car@gmail.com> wrote in message > news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... > > Friends, > > I have plan to store application passwords in there database. > > So how i can Encrypt or decrypt our password. > > Is there any other way to store the password. > > Regards > > Rahul If you are using SQL 2000, you can do the encryption and decryption in the middle tier and send the encrypted password into SQL Server as binary. vt stated that SQL 2005 has simple symmetric encryption, which isn't the whole story. As Hari already noted, if you are using SQL 2005, you can do symmetric and asymmetric encryption, and as simple or complex as one desires. PLEASE - Whatever you do, use a real encryption algorithm and not home-grown encryption like XOR or bit shifting! -- Peter DeBetta, MVP - SQL Server http://sqlblog.com -- "Rahul" <verma.car@gmail.com> wrote in message news:1173264193.458833.87520@n33g2000cwc.googlegroups.com... - Hide quoted text - > Friends, > I have plan to store application passwords in there database. > So how i can Encrypt or decrypt our password. > Is there any other way to store the password. > Regards > Rahul On 7 Mar, 10:43, "Rahul" <verma.car@gmail.com> wrote: > Friends, > I have plan to store application passwords in there database. > So how i can Encrypt or decrypt our password. > Is there any other way to store the password. > Regards > Rahul Are you sure you want to encrypt the passwords? The only good excuse for doing so is if you need to support some kind of password recovery. Password recovery has its own security problems so avoid it if you can. Best practice is to hash the password rather than encrypt it. Good password management rules are a must as well. You can hash passwords either with the HashBytes function in SQL Server 2005 or with Microsoft's crypto API in any other version. -- David Portas, SQL Server MVP Whenever possible please post enough code to reproduce your problem. Including CREATE TABLE and INSERT statements usually helps. State what version of SQL Server you are using and specify the content of any error messages. SQL Server Books Online: http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx --