August 23, 2002 at 7:54 pm
Hi,
As I have a column called password, I need to record all my passwords in asterisk form, so how can I do this in SQL Server?
Please give me some advice.... =)
August 23, 2002 at 8:02 pm
The asterisk is what is known as a "mask," even though underneath the program knows what the password is.
If you store the password in the database, you won't be able to hide it behind a mask like that. What you probably want to do is encrypt the password in the application prior to passing it to SQL Server. Otherwise, as Steve often points out, a DBA sitting with Profiler will be able to read the password coming in... which defeats the purpose of encrypting it in the first place.
There are plenty of tools and modules out there with pretty sound encryption schemes. Visit Counterpane's Labs for a good list of sources:
BTW, that's the company Bruce Schneier, author of Applied Cryptography, is a founder of. If you can get your hands on that book, you're set as well.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
@kbriankelley
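An added example, not part of the original posts: it shows the password being transformed in the application so that a statement trace on the database side never contains the plaintext. It assumes an in-memory SQLite database as a stand-in for SQL Server, and it swaps in a salted one-way PBKDF2 hash rather than the reversible encryption the thread discusses; `TracedDb`, `register`, `verify` and `trace_contains` are hypothetical names.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


class TracedDb:
    """In-memory SQLite plus a log of all the client sends (Profiler stand-in)."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.trace = []  # (sql, params) exactly as the application submits them
        self.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")

    def execute(self, sql, params=()):
        self.trace.append((sql, params))
        return self.conn.execute(sql, params)


def derive(password, salt):
    # One-way derivation done in the application, before any database call.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db, name, password):
    salt = os.urandom(16)  # unique per user, stored next to the hash
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(password, salt)))


def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed values.
    return hmac.compare_digest(stored, derive(password, salt))


def trace_contains(db, secret):
    """True if the secret appears in any statement or parameter the server received."""
    needle = secret.encode("utf-8")
    for sql, params in db.trace:
        if secret in sql:
            return True
        for p in params:
            data = p.encode("utf-8") if isinstance(p, str) else bytes(p)
            if needle in data:
                return True
    return False
```

Note that the login check also sends only the user name to the database; the submitted password is compared in the application.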
August 24, 2002 at 7:17 pm
Depends also on several other factors. If the application that is sending it to be stored and you want to avoid cost, then look at Microsoft CAPICOM, which supports several encryption methods (ask me if you need more info, as I have been coding in C++ with this for the past 2 months using 3DES), to put in your app or ASP server-side code. Also keep in mind that if you are using ASP you need to set up a certificate to encrypt the data stream between the web server and the browser, as that is not encrypted. Post your exact situation and we can offer a few ways to plug all the security holes as much as possible.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)