 encrypting passwords before inserting them in data


rtutus
Aged Yak Warrior

522 Posts

Posted - 2006-08-11 : 15:19:11
I saw that some coders insert encrypted fields, which are users' passwords, in the SQL database. How do we do that? Is that a feature of SQL Server, or do we do that in the code? Also, how do we manage to read the password value from the database when it's all encrypted and looks like weird characters in the password users table?

What .NET feature allows that, and is there any way to do that in SQL Server itself?

Thanks

Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)

7020 Posts

Posted - 2006-08-11 : 16:08:29
Normally, passwords are not encrypted; they are hashed. The advantage of hashing a password is that it cannot be un-hashed. This means that there is no way to steal a user's password, because it is not stored in the database.

The front-end hashes the password and stores it in the database when the password is first set up.

When the user wants to log in, the front-end hashes the password that the user enters, and sends that to the database server. The database server compares the hash from the front-end to the hash in the database, and if they are the same, allows the login.

There are a number of hash routines available. There is no need for the hash routine on the database side, because the password is always hashed before sending it over the network.


CODO ERGO SUM