[lawale4me]

i want to know the technique used to manage password in MSSQL .

i mean if i want the value stored in the database not be in varchar or char data type....i wnat it to be in a form that its not readable how do i declare it
thanks
Laa

[JackOfAllTrades]

You should never store a password in clear text. What you should do is create a hash of it with SHA and save the string that results from the hash. When you want to compare to the user input, hash the user input the same way then compare against the previously hashed value in the database.

[kzimmerm]

I agree here. I just finished an application where I save the password as a binary which is the result of MD5 hash. This is real simple to accomplish in .NET. MD5 is a 1 way encryption, which, for passwords it isn't important to decrypt it. You simply match the MD5 hash to what is stored.

Good luck.

Kurt

[almogaver]

Hi,

If you have only one database username, then I agree with the preceding answers.
Otherwise is better to delegate user access control to SQL Server (use Windows integrated security, SQL Server security or mixed mode, your choice!). This avoids the need to store username and passwords (or digests).


Best regards

This post has been edited by almogaver: 21 March 2009 - 04:07 PM