Start a new topic
Add Reply
Posted 19 March 2009 - 01:57 AM
i want to know the technique used to manage password in MSSQL .
i mean if i want the value stored in the database not be in varchar or char data type....i wnat it to be in a form that its not readable how do i declare it
thanks
Laa
how to manage password in MSSQL server
Page 1 of 1
how to manage password in MSSQL server
i want to know the technique used to manage password in MSSQL
Rate Topic:
MultiQuote
#2
JackOfAllTrades
- Mayor of Simpleton
-
- Group: Moderators
- Posts: 7,127
- Joined: 23-August 08
Dream Kudos: 50
Expert In: Being annoyed with lazy people.
Posted 19 March 2009 - 03:53 AM
You should never store a password in clear text. What you should do is create a hash of it with SHA and save the string that results from the hash. When you want to compare to the user input, hash the user input the same way then compare against the previously hashed value in the database.
Was This Post Helpful?
0
#3
kzimmerm
- D.I.C Head
-
- Group: Members
- Posts: 67
- Joined: 08-February 09
Dream Kudos: 0
Posted 20 March 2009 - 07:25 AM
I agree here. I just finished an application where I save the password as a binary which is the result of MD5 hash. This is real simple to accomplish in .NET. MD5 is a 1 way encryption, which, for passwords it isn't important to decrypt it. You simply match the MD5 hash to what is stored.
Good luck.
Kurt
Good luck.
Kurt
Was This Post Helpful?
0
#4
almogaver
- New D.I.C Head
-
- Group: Members
- Posts: 10
- Joined: 20-March 09
Dream Kudos: 0
Posted 21 March 2009 - 03:05 PM
Hi,
If you have only one database username, then I agree with the preceding answers.
Otherwise is better to delegate user access control to SQL Server (use Windows integrated security, SQL Server security or mixed mode, your choice!). This avoids the need to store username and passwords (or digests).
Best regards
If you have only one database username, then I agree with the preceding answers.
Otherwise is better to delegate user access control to SQL Server (use Windows integrated security, SQL Server security or mixed mode, your choice!). This avoids the need to store username and passwords (or digests).
Best regards
This post has been edited by almogaver: 21 March 2009 - 03:07 PM
Was This Post Helpful?
0
Page 1 of 1
| 
