October 25, 2002 at 10:43 am
Hello all,
Have a quick question (well maybe not so quick),
I am in a situation where i developed a small web app for a client
A very simple single table database that hold login information for the website users
Now the clients wants to encrypt/Hide this login data cause I am hosting it as well
now I can easily build a view over this table and grant a select on this view and hide any sensitive info
but I was wondering if there was aany other way to hide this info since all the data in the table will still be available if i go to the table directly using Enterprise manager
i know u can encrypt TSQL code so that users cant see what u have written but is it possible to do the same for actual data in a table?
Thanks
October 25, 2002 at 2:49 pm
First, there are routines to decrypt stored procs, so this isn't that secure.
SEcond, do you need to recover the login info? If not, then you can use encrypt() to encrypt the value when they enter it and store the encrypted value. Then when they login , you rerun encrypt and compare the encrypted values. Some threads here on this.
If you need to recoved the pwds, then use a 3rd party product. Rolling your own is a bad idea. (http://www.sqlservercentral.com/columnists/sjones/wp_encryption.asp)
Steve Jones
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply