encrypt password stored in a table

In mssql server>enterprise manager, i save my user login and password in a table called tbluserlogin. How can i encrypt my password to ensure that other ppl cannot view the password even if he/she opens the tbluserlogin table. Please help. Thanks.
LVL 1
nwhanAsked:
Who is Participating?
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
0
 
nwhanAuthor Commented:
thanks for the reference...but how/where do i put that codes of lines ? pls help...urgent..thanks man
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
you can use the function when writing the sql code, hence you cannot use it in the enterprise manager directly.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
to be clear: you need to write the update/insert statement in the query analyser or any custom application running sql statements
0
 
nwhanAuthor Commented:
so u mean i execute your codes when i create users in a table ?
means at the same time i use "insert users" sql query, i'll have to include those codes of yours together? all at the same time when i create user?
0
 
Anthony PerkinsCommented:
Yes and also when you retrieve them you will have to decrypt them.

Or you could use SQL Server 2005 ...
0
 
nwhanAuthor Commented:
ic..but how do i decrypt them when i wanna retrieve the password?
isit when i put the codes together for "select" sql query ?
can u provide me some codes ? simple1...like save username and password(with encryption) into tbluserlogin and retrieving them(decrypt) ?
0
 
ShogunWadeCommented:
pwdencrypt doesnt have a decrypt function (at least not a legitimate one)  u use pwdcompare to compare an unencrypted value (supplied by the user) with the encrypted stored value.    or encrypt the value to user supplied and test for equality with the encrypted stored one.
0
 
Anthony PerkinsCommented:
See here:
http://www.devx.com/tips/Tip/14407

And of course you should understand that pwdencrypt and pwdcompare are undocumented functions and apparently have changed in SQL Server 2005.
0
 
nwhanAuthor Commented:
it works fine on the encrypting part...but when i need to authorise the user login, this part im having problem..how can i decrypt them in an easier way ?
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
you cannot decrypt. you can only compare the crypted value with the supplied password using the pwd_compare function.
0
 
Anthony PerkinsCommented:
>>how can i decrypt them in an easier way ? <<
Did you bother to read the article from the link I posted?
0
 
Anthony PerkinsCommented:
Fair enough.  What are you stuck on?  Please post the code you have so far.
0
 
nwhanAuthor Commented:
well, i just need to know how can i encrypt a password entered in txtpassword and to be passed it's encrypted value to another label(lblpassword). With that concept, i'll be able to do comparison with the existing password in my database table.

*Since ur encryption style works for sql query, how can i encrypt it through the coding part in vb.net coding?
0
 
Anthony PerkinsCommented:
>>how can i encrypt it through the coding part in vb.net coding? <<
You need to post in a more appropriate Topic Area such as:
http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/VB_DOT_NET/
0
 
nwhanAuthor Commented:
u mean you only know how to encrypt the password and save to db table ?
so you do not know how to encrypt the password entered to be compared to the encrypted password from the db table to authorise login?
0
 
ShogunWadeCommented:
Pass the unencrypted password from the client code into a a stored procedure or the likes and use the pwdcompare function, returning whether the pwd matched or not back to the client.
0
 
Anthony PerkinsCommented:
>>u mean you only know how to encrypt the password and save to db table ?<<
I don't believe English can be your first language, so I will try it again:  There are two options here:

1. If this question is related to "encrypt it through the coding part in vb.net coding" than it should be posted in a more appropriate Topic Area.  

2. If on the other hand you are trying to pass the password as clear text and do it all with T-SQL than you need to follow angelIII and ShogunWade's advice.  Just understand that pwdencrypt and pwdcompare are undocumented functions and are liable to be removed or changed.

So which is it?

In the meantime, you will find experts more responsive if you take the time to attend to the following abandoned question:
http://www.experts-exchange.com/Web/Hosting/Q_21715432.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.