Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Encryption in sql server 2000

Posted on 2004-10-06
14
Medium Priority
?
589 Views
Last Modified: 2007-12-19
Hi experts

Can I encrypt some data ( like password ) using sql server. Is there any stored procedure to doing this?

Thank you
DishanF

0
Comment
Question by:Dishan Fernando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
14 Comments
 
LVL 10

Expert Comment

by:imrancs
ID: 12245938
I think you want to encrypt Password of the users of your front end application, if so then i would  recommend that you should have your Encrypt and Decrypt functions to do so. If you are using .NET on front end then there is builtin class for encryption.


Imran
0
 
LVL 12

Expert Comment

by:ill
ID: 12246326
There is no encrypt option for  column is sql server.
i personally handle  password encryption with dynamically created SPs created "with "with encryption" option.
0
 
LVL 8

Author Comment

by:Dishan Fernando
ID: 12246733
I think you all guys didnt understand my probleam. I want to Encrypt some data (Say "ABC" ) using some SQL. I can Encrypt those things in .NET .
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 12

Accepted Solution

by:
ill earned 336 total points
ID: 12246854
create table users ( id int, name nvarchar(200), pwd nvarchar(200) )
GO
create trigger enc on users for insert, update as
if @@nestlevel=1 begin
declare @id int, @pwd nvarchar(200), @fname varchar(40)
declare c cursor  for select id, pwd from inserted

open c
fetch next from c into @id, @pwd
while @@fetch_status=0 begin
      set @fname= 'fenc'+ cast( @id as varchar(20))
      if exists (select * from dbo.sysobjects where id = object_id('dbo.'+ @fname) and xtype in (N'FN', N'IF', N'TF'))
            exec( 'drop function ' + @fname)
      exec( 'create function dbo.'+ @fname+'(@id int) returns nvarchar(200) with encryption as begin return('''+ @pwd+''') end')
      update users set pwd= cast( id as nvarchar(20)) where id= @id
      fetch next from c into @id, @pwd
end
close c deallocate c
end
go
insert into users values ( 1, 'admin', 'encrypted')
insert into users values ( 2, 'admin2', 'moreencrypted')
insert into users values ( 3, 'admin3', 'mostencrypted')
GO
select * from users

select id, name, "pwd"= dbo.fenc1(id) from users where id=1
select id, name, "pwd"= dbo.fenc2(id) from users where id=2
select id, name, "pwd"= dbo.fenc3(id) from users where id=3
0
 
LVL 8

Author Comment

by:Dishan Fernando
ID: 12247286
Hi all

I found the way to doing something like this.

SELECT PWDENCRYPT('d')

But its undocumented !!



0
 
LVL 18

Assisted Solution

by:ShogunWade
ShogunWade earned 332 total points
ID: 12248275
PWDENCRYPT is the encryption procedure that sql uses to store passwords in syslogins.   I use this to store passwords myself but be aware that there is no PWDDECRYPT sp   you can compare an unencrypted string with a PWDENCRYPT'ed string using PWDCOMPARE which will give a 1 or 0 result.
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 12248314
Of course a further word of warning is that as PWDENCRYPT is a built in sp, there are hacker tools to decrypt it.   So for improved security you could adopt ill's suggestion of writing your own.    Then only you know the algorythm.
0
 
LVL 7

Assisted Solution

by:Lori99
Lori99 earned 332 total points
ID: 12253283
You can check out this product.  I have played with it a bit and it works well.  If all you need to encrypt is a password, I believe you could use the free version.  It is fully featured, just limited to the number of characters that can be encrypted.

http://www.xpcrypt.com/
0
 
LVL 7

Expert Comment

by:Lori99
ID: 12504135
Since any of the recommended solutions should work I suggest:

ill - 100 points
ShogunWade - 100 points
Lori99 - 50 points
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 12547988
You can split this yourself.  There is an option down towards the bottom to do that.

Bob
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 12547997
My bad, didn't read who asked the question :)

Bob
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL). Depending on business requirements, a single Stored Procedure can return differe…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question