how to manage password in MSSQL server

i want to know the technique used to manage password in MSSQL

Page 1 of 1

3 Replies - 2611 Views - Last Post: 21 March 2009 - 04:05 PM

#1 lawale4me  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 19-March 09

how to manage password in MSSQL server

Post icon  Posted 19 March 2009 - 02:57 AM

i want to know the technique used to manage password in MSSQL .

i mean if i want the value stored in the database not be in varchar or char data type....i wnat it to be in a form that its not readable how do i declare it
thanks
Laa
Is This A Good Question/Topic? 0
  • +

Replies To: how to manage password in MSSQL server

#2 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6053
  • View blog
  • Posts: 23,488
  • Joined: 23-August 08

Re: how to manage password in MSSQL server

Posted 19 March 2009 - 04:53 AM

You should never store a password in clear text. What you should do is create a hash of it with SHA and save the string that results from the hash. When you want to compare to the user input, hash the user input the same way then compare against the previously hashed value in the database.
Was This Post Helpful? 0
  • +
  • -

#3 kzimmerm  Icon User is offline

  • D.I.C Head

Reputation: 3
  • View blog
  • Posts: 70
  • Joined: 08-February 09

Re: how to manage password in MSSQL server

Posted 20 March 2009 - 08:25 AM

I agree here. I just finished an application where I save the password as a binary which is the result of MD5 hash. This is real simple to accomplish in .NET. MD5 is a 1 way encryption, which, for passwords it isn't important to decrypt it. You simply match the MD5 hash to what is stored.

Good luck.

Kurt
Was This Post Helpful? 0
  • +
  • -

#4 almogaver  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 10
  • Joined: 20-March 09

Re: how to manage password in MSSQL server

Posted 21 March 2009 - 04:05 PM

Hi,

If you have only one database username, then I agree with the preceding answers.
Otherwise is better to delegate user access control to SQL Server (use Windows integrated security, SQL Server security or mixed mode, your choice!). This avoids the need to store username and passwords (or digests).


Best regards

This post has been edited by almogaver: 21 March 2009 - 04:07 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1