May 21, 2003 at 10:09 am
I have a users table with the passwords stored in clear text right now. I want to encrypt them. How can I do this for:
1. existing passwords
2. new users that will be added
Is it best practice to use the undocumented stored procs or do this at the application level?
Links/scripts would be great, thanks.
May 21, 2003 at 10:13 am
I think it would be more of a best practice to do the encryption at the application level and pass to SQL Server the encrypted form of the password.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
May 21, 2003 at 10:38 am
Comparing hashed values, I guess, right?
May 21, 2003 at 11:26 am
Yep, that's the easiest and safest way. No passwords sent in the clear over the network. CryptoAPI gives you everything you need.
Unless you need to be able to decrypt the passwords of course. You cannot do a hash in that case.
May 21, 2003 at 1:28 pm
So even if someone gets the HASH, it is of no use to them?
That CryptoAPI is in .Net?
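The application-level approach discussed in this thread, covering both cases from the original question, as an added example that is not code from any of the posters. Assumptions: Python with an in-memory SQLite table stands in for the application and the SQL Server users table, the column names are hypothetical, and salted PBKDF2-HMAC-SHA256 is this example's choice of hash, not something the thread specifies.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor; an assumption, tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def migrate_existing(conn):
    """Case 1: replace each stored clear-text password with a salt and hash."""
    rows = conn.execute("SELECT id, password FROM users WHERE password IS NOT NULL").fetchall()
    for user_id, clear in rows:
        salt, digest = hash_password(clear)
        conn.execute("UPDATE users SET salt = ?, pw_hash = ?, password = NULL WHERE id = ?",
                     (salt, digest, user_id))
    conn.commit()
    return len(rows)

def add_user(conn, name, password):
    """Case 2: hash before the INSERT so clear text never reaches the table."""
    salt, digest = hash_password(password)
    conn.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)", (name, salt, digest))
    conn.commit()

def verify(conn, name, attempt):
    """Login: re-hash the attempt with the stored salt, compare in constant time."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or row[1] is None:
        return False
    _, digest = hash_password(attempt, row[0])
    return hmac.compare_digest(digest, row[1])

def demo_db():
    """Constructed sample table with two legacy clear-text rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, "
                 "password TEXT, salt BLOB, pw_hash BLOB)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "Summer2003"), ("bob", "Summer2003")])
    return conn
```

Because each row gets its own salt, two users with the same password end up with different stored hashes, and the slow key derivation raises the cost of guessing passwords from a copied table.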