Post reply

Encrypting a column

  • June 18, 2015 at 9:37 am

    #319171

    Hi

    I am new on encrypting a column in a sql server database. I have userid and password columns that I think should have protection on them. My thought was to encrypt these 2 columns. What happens if someone needs to know the actual values of a userid and password? Is encryption the right way to secure this data?

    Thanks

    Kathy

  • June 18, 2015 at 9:39 am

    #1806436

    Passwords shouldn't be encrypted. Encryption assumes that you need to retrieve the original value, which for a password you don't. Passwords should be stored as a salted hash, preferably hashed in the application, preferably with the hash having been applied many, many times.

    Yes, you'll need to change the application to work that way.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • June 18, 2015 at 10:04 am

    #1806454

    Thanks Grant--got it

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply