Encrypting the data to be stored in tables.

greenspun.com : LUSENET : SQL Server Database Administration : One Thread

Hello, We are doing a web based application using IIS and SQL Server database. We want to provide a facility where users can/forced to change their password periodically. We want to store these passwords info in sqlserver table in ecrypted format so that even administrator should not be able to read it. As far as my knowledge goes, you cannot do that by just defining column of some type in SQL server. Any ideas...? btw, we will be using SQLServer 2000 and IIS latest version. Nilesh

-- Anonymous, September 04, 2001

Answers

Nilesh,

I would consider using the undocumented functions pwdencrypt and pwdcompare. The trick, of course, is to find documentation.

To do that, go to http://groups.google.com/advanced_group_search and search the microsoft.public.sqlserver.* newsgroups for pwdencrypt or, equivalently go to this link:

http://groups.google.com/groups? as_q=pwdencrypt&as_ugroup=microsoft.public.sqlserver.*&num=100

(all on one line with no spaces).

I must caution you that this should not be considered strong encryption. (It is probably about '40 bit' encryption.)

Hope this helps,

Eric

-- Anonymous, September 05, 2001


Eric, Thanks for your quick response. I went through the material for pwdencrypt and pwdcompare from Guru's guide to transactSQL and the news groups. Looks like these things are undocumented so not supported and may change in future. I may have to go another route. Still looking..!

-- Anonymous, September 05, 2001

Moderation questions? read the FAQ