Click here to Skip to main content
15,846,976 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
how to hide password stored in SQL server while using vba (msAccess) as a front end.
Iam using SQL server 2008 to store my tables and the application (forms and reports) are made of vba in msaccess. i want to hide or encrypt stored passwords in sqlserver to make my app more secured, that is even if a hacker gets to my sql database, still won't be able to see the real passwords, instead view encrypted passwords. can any one please help me with this? thanx in advance
Posted
Updated 27-Sep-13 1:24am
v2
Comments
Thanks7872 27-Sep-13 6:16am    
What do you mean by hide?
WhiteTulip 27-Sep-13 6:33am    
i mean encrypting the passwords

You can use certificate to encrypt and decrypt. Look at this article SQL - server-introduction-to-encryption[^]
 
Share this answer
 
Comments
WhiteTulip 27-Sep-13 6:32am    
thankyou for the link Arun, but i've already tried that, i managed to encrypt the password column. but when i add more users with their passwords and try to view the table, the passwords are not encrypted until i run an update query again. is their a way i cn make this update query run automatic whenever a user is added in a table?
Thanks7872 27-Sep-13 6:35am    
Make use of After insert trigger.
WhiteTulip 27-Sep-13 6:40am    
how do i use that? plz can u explain more?
Thanks7872 27-Sep-13 6:42am    
Go through this link http://www.codeproject.com/Articles/25600/Triggers-Sql-Server

Let me know if you still face any issue.
WhiteTulip 27-Sep-13 7:21am    
this article seems pretty useful, I haven't yet reach my destination, but I think I will, at least now I get it, all about Triggers and I can now understand what hem Raj was trying to show me. Thanks alot
The Griff's nice guide: "Password Storage: How to do it"[^].
 
Share this answer
 
For Encrypt Password Fields
------------------------------------
CREATE PROCEDURE SP_InsertUser123
-- Add the parameters for the stored procedure here
(
@UName varchar(50),
@Password varchar(50),
@Email varchar(50),
@Phone varchar(50)
)
AS
BEGIN


-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

-- Insert statements for procedure here
insert into tbl_User values(@UName,EncryptByPassPhrase('12',@Password),@Email,@Phone)
END
GO
----------------------------
For decrypt Password

SQL
create PROCEDURE SP_Display_User
()
AS
BEGIN


    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;

    -- Insert statements for procedure here
select UserId,UName, convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password)) as Password from tbl_User
END
GO
 
Share this answer
 
Comments
WhiteTulip 27-Sep-13 7:06am    
hey Raj, i'v tried your way, it doesn't make any changes

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900