password?!!!
-
i work in hr sqlserver database in employees table i have password column so every one have permission to open database can see all the passwords i wnat toedit the column password so who open employyes table see symblos in password column not the real password ma_refay
-
i work in hr sqlserver database in employees table i have password column so every one have permission to open database can see all the passwords i wnat toedit the column password so who open employyes table see symblos in password column not the real password ma_refay
Do you mean you want to encrypt the passwords? Do you want to change the permissions so that only valid users can access the passwords? Changing it so that it just displays symbols is not going to happen in SQL Server - Its function is to serve data, not to define how it is displayed. That is up to the applications that access the database. Perhaps you want to change them instead.
Scottish Developers events: * .NET debugging, tracing and instrumentation by Duncan Edwards Jones and Code Coverage in .NET by Craig Murphy * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
-
i work in hr sqlserver database in employees table i have password column so every one have permission to open database can see all the passwords i wnat toedit the column password so who open employyes table see symblos in password column not the real password ma_refay
Hi! Check my blog at http://www.cubido.at/Blog/tabid/176/EntryID/34/Default.aspx. There I show how you can encrypt and decrypt the password column with SQL2005. If you do not have SQL2005 but 2000 you do not have these smart encryption functions built into the DB. You would have to implement encryption yourself (e. g. using .NET's encryption functions). In fact for a password it would be enough to calculate a (salted) hash (see http://en.wikipedia.org/wiki/Salt_%28cryptography%29 for details) -> no encryption needed. A completly unsecure solution that just displays the password in binary instead of cleartext is to change the data type of the password column to varbinary. A SELECT will then just show hex values. Again, this is NOT encryption. Everyone how is able to write SQL can write
cast(password as varchar)and sees the password. However, sometimes it is enough to just changing the display format of the password to binary. Regards, Rainer. Rainer Stropek Visit my blog at http://www.cubido.at/rainers -
Hi! Check my blog at http://www.cubido.at/Blog/tabid/176/EntryID/34/Default.aspx. There I show how you can encrypt and decrypt the password column with SQL2005. If you do not have SQL2005 but 2000 you do not have these smart encryption functions built into the DB. You would have to implement encryption yourself (e. g. using .NET's encryption functions). In fact for a password it would be enough to calculate a (salted) hash (see http://en.wikipedia.org/wiki/Salt_%28cryptography%29 for details) -> no encryption needed. A completly unsecure solution that just displays the password in binary instead of cleartext is to change the data type of the password column to varbinary. A SELECT will then just show hex values. Again, this is NOT encryption. Everyone how is able to write SQL can write
cast(password as varchar)and sees the password. However, sometimes it is enough to just changing the display format of the password to binary. Regards, Rainer. Rainer Stropek Visit my blog at http://www.cubido.at/rainersr.stropek wrote:
However, sometimes it is enough to just changing the display format of the password to binary.
This is not a display format - it is a storage format. The database knows nothing about how to display the data, that is the function of the application that is connected to the database.
Scottish Developers events: * .NET debugging, tracing and instrumentation by Duncan Edwards Jones and Code Coverage in .NET by Craig Murphy * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
-
r.stropek wrote:
However, sometimes it is enough to just changing the display format of the password to binary.
This is not a display format - it is a storage format. The database knows nothing about how to display the data, that is the function of the application that is connected to the database.
Scottish Developers events: * .NET debugging, tracing and instrumentation by Duncan Edwards Jones and Code Coverage in .NET by Craig Murphy * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
You're right, this is also a storage format. However, as far as I understood the question the application is Microsoft's enterprise manager or management studio -> you do not have the possiblitiy to change the display format without changing the storage format. If the original question did not regard to pre-built standard software but to individually developed software I aggree to you. Regards, Rainer. Rainer Stropek Visit my blog at http://www.cubido.at/rainers