Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: SQL-Server
how to hide password stored in SQL server while using vba (msAccess) as a front end.
Iam using SQL server 2008 to store my tables and the application (forms and reports) are made of vba in msaccess. i want to hide or encrypt stored passwords in sqlserver to make my app more secured, that is even if a hacker gets to my sql database, still won't be able to see the real passwords, instead view encrypted passwords. can any one please help me with this? thanx in advance
Posted 27-Sep-13 1:11am
Edited 27-Sep-13 1:24am
v2
Comments
Rohan Leuva at 27-Sep-13 6:16am
   
What do you mean by hide?
WhiteTulip at 27-Sep-13 6:33am
   
i mean encrypting the passwords
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

You can use certificate to encrypt and decrypt. Look at this article SQL - server-introduction-to-encryption[^]
  Permalink  
Comments
WhiteTulip at 27-Sep-13 6:32am
   
thankyou for the link Arun, but i've already tried that, i managed to encrypt the password column. but when i add more users with their passwords and try to view the table, the passwords are not encrypted until i run an update query again. is their a way i cn make this update query run automatic whenever a user is added in a table?
Rohan Leuva at 27-Sep-13 6:35am
   
Make use of After insert trigger.
WhiteTulip at 27-Sep-13 6:40am
   
how do i use that? plz can u explain more?
Rohan Leuva at 27-Sep-13 6:42am
   
Go through this link http://www.codeproject.com/Articles/25600/Triggers-Sql-Server
 
Let me know if you still face any issue.
WhiteTulip at 27-Sep-13 7:21am
   
this article seems pretty useful, I haven't yet reach my destination, but I think I will, at least now I get it, all about Triggers and I can now understand what hem Raj was trying to show me. Thanks alot
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

The Griff's nice guide: "Password Storage: How to do it"[^].
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

For Encrypt Password Fields
------------------------------------
CREATE PROCEDURE SP_InsertUser123
-- Add the parameters for the stored procedure here
(
@UName varchar(50),
@Password varchar(50),
@Email varchar(50),
@Phone varchar(50)
)
AS
BEGIN
 

-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
 
-- Insert statements for procedure here
insert into tbl_User values(@UName,EncryptByPassPhrase('12',@Password),@Email,@Phone)
END
GO
----------------------------
For decrypt Password
 
create PROCEDURE SP_Display_User
()
AS
BEGIN
 

    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;
 
    -- Insert statements for procedure here
select UserId,UName, convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password)) as Password from tbl_User
END
GO
  Permalink  
Comments
WhiteTulip at 27-Sep-13 7:06am
   
hey Raj, i'v tried your way, it doesn't make any changes

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 DamithSL 390
1 Maciej Los 217
2 OriginalGriff 213
3 BillWoodruff 130
4 Garth J Lancaster 90
0 OriginalGriff 7,953
1 DamithSL 6,139
2 Sergey Alexandrovich Kryukov 5,449
3 Maciej Los 5,293
4 Kornfeld Eliyahu Peter 4,539


Advertise | Privacy | Mobile
Web02 | 2.8.141223.1 | Last Updated 27 Sep 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100