Saturday, February 25, 2012

password

Hi,
Is there any way to show one column(password) values as ***.
One of my table has password field, when you query the table it will give actual value, i wanted to show them as **** or with junk charecters.
FYI..column data type is varchar(50).
Thanks in advance.You could use Pwdencrypt and pwdcompare:

Pwdencrypt and pwdcompare are internal, undocumented functions that SQL Server uses to manage passwords. Pwdencrypt uses a one-way hash that takes a clear string and returns an encrypted version of that string. Pwdcompare compares an unencrypted string to its encrypted representation to see whether they match.

Script below shows how to save and compare passwords:

create table users(
id int identity,
username nvarchar(128) not null unique,
userpassword nvarchar(128) not null
)

insert users(username,userpassword)
select 'tom',pwdencrypt('tom2')

insert users(username,userpassword)
select 'brett',pwdencrypt('brett2')

select Id from users
where pwdcompare('tom2',userpassword)=1
and username='tom'

Id
----
1

(1 row(s) affected)

select Id from users
where pwdcompare('brett3',userpassword)=1
and username='brett'
Id
----

(0 row(s) affected)|||Thanks for your reply.
And is there any way to decrypt the password, if you loose your actual password?
Thanks|||Thanks for your reply.
And is there any way to decrypt the password, if you loose your actual password?
Thanks
Nope ;) just set up new one|||Yeah, the point is to encrypt the password before it is stored in your table. And if it could be decrypted, it wouldn't be very secure, right?

Actually, SQL Server's encryption method has been cracked, and decryption algorythms are available on the web. If you want more security, I have a one-way encryption function you are welcome to use.|||Any leads would be greatly appreciated!!
Thanks|||Here is my pasword encryption algorythm.

The other disadvantage of using SQL Server's PWD_ENCRYPT function is that Microsoft can and has changed the algorythm in subsequent releases of SQL Server, rendering all existing passwords useless.|||Just curious...what sql server security model are you using?

I'm always leary of Application level security that store passwords in the database.|||Mixed mode.
thanks
Posted by feltpaddedvbni at 3:25 AM
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)