We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

encrypt password stored in a table

nwhan
nwhan asked
on
Medium Priority
7,105 Views
Last Modified: 2010-05-18
In mssql server>enterprise manager, i save my user login and password in a table called tbluserlogin. How can i encrypt my password to ensure that other ppl cannot view the password even if he/she opens the tbluserlogin table. Please help. Thanks.
Comment
Watch Question

Billing Engineer
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2009
Commented:

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
thanks for the reference...but how/where do i put that codes of lines ? pls help...urgent..thanks man
Guy Hengel [angelIII / a3]Billing Engineer
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2009

Commented:
you can use the function when writing the sql code, hence you cannot use it in the enterprise manager directly.
Guy Hengel [angelIII / a3]Billing Engineer
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2009

Commented:
to be clear: you need to write the update/insert statement in the query analyser or any custom application running sql statements

Author

Commented:
so u mean i execute your codes when i create users in a table ?
means at the same time i use "insert users" sql query, i'll have to include those codes of yours together? all at the same time when i create user?
CERTIFIED EXPERT
Top Expert 2012

Commented:
Yes and also when you retrieve them you will have to decrypt them.

Or you could use SQL Server 2005 ...

Author

Commented:
ic..but how do i decrypt them when i wanna retrieve the password?
isit when i put the codes together for "select" sql query ?
can u provide me some codes ? simple1...like save username and password(with encryption) into tbluserlogin and retrieving them(decrypt) ?
pwdencrypt doesnt have a decrypt function (at least not a legitimate one)  u use pwdcompare to compare an unencrypted value (supplied by the user) with the encrypted stored value.    or encrypt the value to user supplied and test for equality with the encrypted stored one.
CERTIFIED EXPERT
Top Expert 2012
Commented:
See here:
http://www.devx.com/tips/Tip/14407

And of course you should understand that pwdencrypt and pwdcompare are undocumented functions and apparently have changed in SQL Server 2005.

Author

Commented:
it works fine on the encrypting part...but when i need to authorise the user login, this part im having problem..how can i decrypt them in an easier way ?
Guy Hengel [angelIII / a3]Billing Engineer
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2009

Commented:
you cannot decrypt. you can only compare the crypted value with the supplied password using the pwd_compare function.
CERTIFIED EXPERT
Top Expert 2012

Commented:
>>how can i decrypt them in an easier way ? <<
Did you bother to read the article from the link I posted?
CERTIFIED EXPERT
Top Expert 2012

Commented:
Fair enough.  What are you stuck on?  Please post the code you have so far.

Author

Commented:
well, i just need to know how can i encrypt a password entered in txtpassword and to be passed it's encrypted value to another label(lblpassword). With that concept, i'll be able to do comparison with the existing password in my database table.

*Since ur encryption style works for sql query, how can i encrypt it through the coding part in vb.net coding?
CERTIFIED EXPERT
Top Expert 2012

Commented:
>>how can i encrypt it through the coding part in vb.net coding? <<
You need to post in a more appropriate Topic Area such as:
http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/VB_DOT_NET/

Author

Commented:
u mean you only know how to encrypt the password and save to db table ?
so you do not know how to encrypt the password entered to be compared to the encrypted password from the db table to authorise login?
Pass the unencrypted password from the client code into a a stored procedure or the likes and use the pwdcompare function, returning whether the pwd matched or not back to the client.
CERTIFIED EXPERT
Top Expert 2012

Commented:
>>u mean you only know how to encrypt the password and save to db table ?<<
I don't believe English can be your first language, so I will try it again:  There are two options here:

1. If this question is related to "encrypt it through the coding part in vb.net coding" than it should be posted in a more appropriate Topic Area.  

2. If on the other hand you are trying to pass the password as clear text and do it all with T-SQL than you need to follow angelIII and ShogunWade's advice.  Just understand that pwdencrypt and pwdcompare are undocumented functions and are liable to be removed or changed.

So which is it?

In the meantime, you will find experts more responsive if you take the time to attend to the following abandoned question:
http://www.experts-exchange.com/Web/Hosting/Q_21715432.html
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.