Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Encrypt or decrypt our password

485 views
Skip to first unread message

Rahul

unread,
Mar 7, 2007, 5:43:13 AM3/7/07
to
Friends,

I have plan to store application passwords in there database.
So how i can Encrypt or decrypt our password.

Is there any other way to store the password.

Regards
Rahul

Uri Dimant

unread,
Mar 7, 2007, 6:26:57 AM3/7/07
to
Hi
Do you use SQL Server 2005?

"Rahul" <verma....@gmail.com> wrote in message
news:1173264193....@n33g2000cwc.googlegroups.com...

vt

unread,
Mar 7, 2007, 7:04:54 AM3/7/07
to
HI

SQL 2000 does not have any built-in column value encryption technique, you
have to relay on 3rd party app. but 2005 support simple symmetric encryption

VT

"Uri Dimant" <ur...@iscar.co.il> wrote in message
news:e1EgjuKY...@TK2MSFTNGP02.phx.gbl...

Hari Prasad

unread,
Mar 7, 2007, 8:02:06 AM3/7/07
to
Hello Rahul,

If it is SQL 2000, then encrypt the password in the application layer
itself. If it is SQL 2005, you could use the new SYMMETRIC or ASymetric
encrytions
available in SQL Server itself.

Take a look into the article which details the encryption with examples.

http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx

http://www.sqlservercentral.com/columnists/mcoles/sql2005symmetricencryption.asp

Thanks
Hari


"Rahul" <verma....@gmail.com> wrote in message
news:1173264193....@n33g2000cwc.googlegroups.com...

kuNDze

unread,
Mar 7, 2007, 8:27:08 AM3/7/07
to
there are undocumented functions pwdencrypt and pwdcompare in SQL
2000. ;)


Hari Prasad raše:

Dan Guzman

unread,
Mar 7, 2007, 8:41:36 AM3/7/07
to
> there are undocumented functions pwdencrypt and pwdcompare in SQL 2000. ;)

These undocumented functions can break applications when behavior changes
between service packs/versions. I wouldn't go there ;-)


--
Hope this helps.

Dan Guzman
SQL Server MVP

"kuNDze" <kun...@gmail.com> wrote in message
news:1173274028....@q40g2000cwq.googlegroups.com...


there are undocumented functions pwdencrypt and pwdcompare in SQL
2000. ;)


Hari Prasad rase:

Peter W. DeBetta

unread,
Mar 7, 2007, 3:30:31 PM3/7/07
to
If you are using SQL 2000, you can do the encryption and decryption in the
middle tier and send the encrypted password into SQL Server as binary.

vt stated that SQL 2005 has simple symmetric encryption, which isn't the
whole story. As Hari already noted, if you are using SQL 2005, you can do
symmetric and asymmetric encryption, and as simple or complex as one
desires.

PLEASE - Whatever you do, use a real encryption algorithm and not home-grown
encryption like XOR or bit shifting!

--
Peter DeBetta, MVP - SQL Server
http://sqlblog.com
--


"Rahul" <verma....@gmail.com> wrote in message
news:1173264193....@n33g2000cwc.googlegroups.com...

David Portas

unread,
Mar 7, 2007, 5:22:00 PM3/7/07
to

Are you sure you want to encrypt the passwords? The only good excuse
for doing so is if you need to support some kind of password recovery.
Password recovery has its own security problems so avoid it if you
can.

Best practice is to hash the password rather than encrypt it. Good
password management rules are a must as well. You can hash passwords
either with the HashBytes function in SQL Server 2005 or with
Microsoft's crypto API in any other version.

--
David Portas, SQL Server MVP

Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.

SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--

sunil mali

unread,
Feb 11, 2011, 10:23:22 AM2/11/11
to
Hi Friends,
I am Sunil Mali, I have a very good solution for encryption and decryption using sql
ex
To Encrypt Your password
insert into login_details(uid, username, password) values (1, 'Smith', EncryptByPassPhrase('12','xxx'))
here password is xxx, 1 and smith are uid and username.

To Decrypt The Same and TO fetch the result
select uid, username, convert(varchar(10), DECRYPTBYPHRASE('12', password) from login_details

This will work trust me, if you have any queries then mail me on suni...@rocketmail.com


> On Wednesday, March 07, 2007 5:43 AM Rahul wrote:

> Friends,
>
> I have plan to store application passwords in there database.
> So how i can Encrypt or decrypt our password.
>
> Is there any other way to store the password.
>
> Regards
> Rahul


>> On Wednesday, March 07, 2007 6:26 AM Uri Dimant wrote:

>> Hi
>> Do you use SQL Server 2005?


>>> On Wednesday, March 07, 2007 7:04 AM vt wrote:

>>> HI
>>>
>>> SQL 2000 does not have any built-in column value encryption technique, you
>>> have to relay on 3rd party app. but 2005 support simple symmetric encryption
>>>
>>> VT


>>>> On Wednesday, March 07, 2007 8:02 AM Hari Prasad wrote:

>>>> Hello Rahul,
>>>>
>>>> If it is SQL 2000, then encrypt the password in the application layer
>>>> itself. If it is SQL 2005, you could use the new SYMMETRIC or ASymetric
>>>> encrytions
>>>> available in SQL Server itself.
>>>>
>>>> Take a look into the article which details the encryption with examples.
>>>>
>>>> http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx
>>>>
>>>> http://www.sqlservercentral.com/columnists/mcoles/sql2005symmetricencryption.asp
>>>>
>>>> Thanks
>>>> Hari
>>>>
>>>>

>>>> "Rahul" <verma....@gmail.com> wrote in message
>>>> news:1173264193....@n33g2000cwc.googlegroups.com...


>>>>> On Wednesday, March 07, 2007 8:27 AM kuNDze wrote:

>>>>> there are undocumented functions pwdencrypt and pwdcompare in SQL
>>>>> 2000. ;)
>>>>>
>>>>>

>>>>> Hari Prasad ra=9Ae:
>>>>> ion.asp


>>>>>> On Wednesday, March 07, 2007 8:41 AM Dan Guzman wrote:

>>>>>> These undocumented functions can break applications when behavior changes
>>>>>> between service packs/versions. I wouldn't go there ;-)
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Hope this helps.
>>>>>>
>>>>>> Dan Guzman
>>>>>> SQL Server MVP
>>>>>>
>>>>>> "kuNDze" <kun...@gmail.com> wrote in message
>>>>>> news:1173274028....@q40g2000cwq.googlegroups.com...
>>>>>> there are undocumented functions pwdencrypt and pwdcompare in SQL
>>>>>> 2000. ;)
>>>>>>
>>>>>>
>>>>>> Hari Prasad rase:


>>>>>>> On Wednesday, March 07, 2007 3:30 PM Peter W. DeBetta wrote:

>>>>>>> If you are using SQL 2000, you can do the encryption and decryption in the
>>>>>>> middle tier and send the encrypted password into SQL Server as binary.
>>>>>>>
>>>>>>> vt stated that SQL 2005 has simple symmetric encryption, which isn't the
>>>>>>> whole story. As Hari already noted, if you are using SQL 2005, you can do
>>>>>>> symmetric and asymmetric encryption, and as simple or complex as one
>>>>>>> desires.
>>>>>>>
>>>>>>> PLEASE - Whatever you do, use a real encryption algorithm and not home-grown
>>>>>>> encryption like XOR or bit shifting!
>>>>>>>
>>>>>>> --
>>>>>>> Peter DeBetta, MVP - SQL Server
>>>>>>> http://sqlblog.com
>>>>>>> --

>>>>>>> "Rahul" <verma....@gmail.com> wrote in message
>>>>>>> news:1173264193....@n33g2000cwc.googlegroups.com...


>>>>>>>>> On Tuesday, February 10, 2009 7:15 AM ArunKumar C.V wrote:

>>>>>>>>> Hi this is arun , i am finding asp.net c# code for decrypting password from sql server using SHA1, is it possible to retrieve encrypted password back into a original text from sql server. if any one find solution for this question pls email me .Thanks in advance


>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>> ASP.NET Generic Cookie Utility Class
>>>>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/e7108c33-1cc6-48ae-9f65-cc391c8b66a7/aspnet-generic-cookie-utility-class.aspx

0 new messages