I built an vb.net app that set some parameters and runs a store proc. Besides, the vb.net app creates an user with admin rights, his credentials: username and password are stored in DB.
I thouth to encrypt password with hash + salt method.
The problem....
Hashing password means that they are not decrypted ...only compared ..and here the problem....I would like to reuse this password to be used in the addlinked server store proc and other sql statement.
How can I Manage encrypted password to be used later...
when we built the login control by built in login control of vs2005 the passwords are saved in the database which is automatically created.how can i get the unencrypted form of these passwords from database.
I wonder if it is possible to retrieve encrypted password somehow? Like I have saved password (blueRays) in encrypted formate. How can I retrieve it "where password='blueRays' "?
I have a USERS table on an SQL Server 2000 with two fields, USER_NAME AND PASSWORD, and I want to encrypt the passwords when I stored them on the table. I used {Encrypt N ‘MyPassWord’} to encrypt the password and it looks that the passwords have been encrypted.
Went, however, I execute a SELECT statement for a specific password all passwords are returned.
This is a small sable code: ------------------------------------------------------------------------------------------------ CREATE TABLE dbo.Users ( User_Name nvarchar (10) NOT NULL , PassWord nvarchar (50) NOT NULL )
GO
INSERT INTO USERS (User_Name, PassWord) VALUES ('MyName', {Encrypt N 'MyPassWord'})
GO
INSERT INTO USERS (User_Name, PassWord) VALUES ('YourName', {Encrypt N 'YourPassWord'})
GO
SELECT * FROM USERS WHERE PassWord = {Encrypt N 'MyPassWord'}
(2 row(s) affected) ------------------------------------------------------------------------------------------------- Unfortunately both (All) rows are return
Is it any way to encrypt password and be able to select them? Is it any other way to encrypt data into the database?
I Forgot for my longtime used home expense update application password which has backend sql expressedition database.
i was used the application before 3 years, unfortunately i stopped updating my home expendature to the software.and now i require to login the application but i dont how reset the password in db, i have open database include tables of users profile. and password, but its encrypted.
Hi everyone, I am currently reading ASP.NET unleashed and practising few examples. The following code converts a user's text into a symmetric encryption: 'nd: define keys Const DESKey As String = "ABCDEFGH" Const DESIV As String = "HGFEDCBA" 'nd: convert string to byte array Function convert2ByteArray(ByVal strInput As String) As Byte() Dim intCounter As Integer Dim arrChar As Char() arrChar = strInput.ToCharArray Dim arrByte(arrChar.Length - 1) As Byte For intCounter = 0 To arrByte.Length - 1 arrByte(intCounter) = Convert.ToByte(arrChar(intCounter)) Next Return arrByte End Function
Private Sub btnGo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnGo.Click Dim arrDESKey As Byte() Dim arrDESIV As Byte() Dim arrInput As Byte() Dim objFileStream As FileStream Dim objDES As DESCryptoServiceProvider Dim objEncryptor As ICryptoTransform Dim objCryptoStream As CryptoStream 'convert string to bytes arrDESKey = convert2ByteArray(DESKey) arrDESIV = convert2ByteArray(DESIV) arrInput = convert2ByteArray(txtInput.Text) objDES = New DESCryptoServiceProvider 'pass keys objEncryptor = objDES.CreateEncryptor(arrDESKey, arrDESIV) 'create to file to save password objFileStream = New FileStream(MapPath("secret.txt"), FileMode.Create, FileAccess.Write) 'pass in file and keys objCryptoStream = New CryptoStream(objFileStream, objEncryptor, CryptoStreamMode.Write) 'pass in text objCryptoStream.Write(arrInput, 0, arrInput.Length) objCryptoStream.Close() lblDone.Text = "Done!" End Sub
It works fine. But, how to i save this encrypted password into a database field instead of a writing it to a file? Also, could some please tell me how to paste code into this forum? I tried <code></code> tags but it did not work. Many thanks, Kevin
I have multiple databases, one for each client. I created a master report. Then I created links to this report for each client database in separate client-specific folders. I parameterized the connection string so that the server name and the database name are parameters of the linked report. The connection string is: ="data source=" & Parameters!SrvrName.Value & ";initial catalog=" & Parameters!DbName.Value.
The problem is that the security for now is Windows Authentication. (We are in the testing phase). However, my users will be both internal (company) and external (client) users. We do not want to set up database user IDs for each client user. I could create a single SQL account that has read access to all databases, relying on the Reporting Services security. But I would prefer to create separate SQL accounts for each database as the information is sensitive. Then I would probably pass that information in as a parameter to the report as well. Either way, I would have to include the password somehow. But, if I do that, I'm not sure how to include the password parameter. I would like it to be secure and passing it in as a parameter is not very secure.
I would really appreciate some suggestions on how to proceed.
Can somebody pls guide me on how i can Store & Retrieve Encrypted Username and Password Hashes.
I want to know following :-
1. I'm doing all the encryption and calculating password hashes on client side (VB), which i want to store in SQL Database when a new user account is created. I want to know what data types to use in Database. I will prefer not to use strings at all on client side due to secruity issues, i want to do all transfer in bytes -> to and from SQL server. How i can do that
2. How the connections can be made encrypted or more secure when doing these communcations.
3. I want to know if this is the right approach or to use the built in features of SQL Server 2005, main reason for not using that is that not all Encryption and Cryptography are supported...
I have an application which uses a login with an encrypted password. Everything works well, no errors in the application. My SQL Server errorlogs keeps recording:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
I know this message is related to the login with the encrypted password (tracked it with Profiler) My question: Is it normal that the error log tracks this message because the password is encrypted?
I have created a FTP task in SSISÂ to upload file to the server. Due to some policy issues we do not have the actual password with us. we have been provided with a encrypted password. Hence I am not able to connect to the server through the FTP task connection manager. Is there a way to connect to the server and send file using the encrypted password, so that we don't require the actual password to run the process successfully?
For security reason, the sensitive information must be encrypted, and they should be configurable dynamically (by an ASP.NET application).
so I tried several ways to achieve this,
1. use SSIS Package Configurations to generate an XML config file It's a convenient way to generate config file. but the passwords are not encrypted (or I don't know how).
2. use Variables and Property Expressions I can set variables by reading from an external custom xml config file which was content encrypted (read and decrypt the custom config file in a script task). but in a FTP Connection Manager entity, the Password property can not be set via Property Expressions.
Is any way to store password encrypted to an external file?
In BI Tool SSIS Packages run fine and get data From Oracle and Save it in SQL Server.
Package Protection Level is EncryptSensitivewithPassword.
In BI tool when i open the package it ask password and then run fine.
If i change the Protection Level to Dont save Sensitive,
It does not run fine in even BI tool.
It is fine if i use EncryptSensitivewithPassword.in BI Tool and run it.
Now the problem is that i need to run this package through SQL Job.
so Job give error
"Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information."
I have a table with id an identity column.Can I forbid the identity column of taking the same values of deletedones?How can I resolve this issue?*** Sent via Developersdex http://www.developersdex.com ***
I have two packages share same configuration file. There are 4 connections in the first package and 2 connections in the second. Configuration file contains properties for 4 connections. First package opens in VS designer with no error. The problem with second package. I get error that connection exist in the configuration but not in the package and "Could not copy file " Master_Configuration.dtsConfig" to the deployment utility output directory. Master_Configuration.dtsConfig' already exists." Any help?
after moving off VS debugger and into management studio to exercise our SQLCLR sp, we notice that the 2nd execution gets an error suggesting that our static SqlCommand object is getting reused from the 1st execution (of the sp under mgt studio). If this is expected behavior, we have no problem limiting our statics to only completely reusable objects but would first like to know if this is expected? Is the fact that debugger doesnt show this behavior also expected?
I need to start encrypting several fields in a database and have been doing some testing with a test database first. I've run into problems when attempting to restore the database on either the same server (but different database) or to a separate server.
First, here's how i created the symmetric key and encrypted data in the original database:
create master key encryption by password = 'testAppleA3';
create certificate test with subject = 'test certificate', EXPIRY_DATE = '1/1/2010';
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
open symmetric key sk_Test decryption by certificate test;
insert into employees values (101,'Jane Doe',encryptbykey(key_guid('sk_Test'),'$200000')); insert into employees values(102,'Bob Jones',encryptbykey(key_guid('sk_Test'),'$500000'));
select * from employees --delete from employees select id,name,cast(decryptbykey(salary) as varchar(10)) as salary from employees
close all symmetric keys
Next I backup up this test database and restore it to a new database on a different server (same issue if restore to different database but on same server).
Then if i attempt to open the key in the new database and decrypt:
open symmetric key sk_Test decryption by certificate test;
I get the error: An error occurred during decryption.
Ok, well not unexpected, so reading the forums, i try doing the below first in the new database:
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
Then I try opening the key again and get the error again:
An error occurred during decryption.
So then it occurs to me, maybe i need to drop and recreate it so i do
drop symmetric key sk_test
then
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
and then try to open it.
Same error!
So then i decide, let's drop everything, the master key, the certificate and then symmetric key:
drop symmetric key sk_test drop certificate test drop master key
Then recreate the master key:
create master key encryption by password = 'testAppleA3';
Restore the certificate from a backup i had made to a file:
CREATE CERTIFICATE test FROM FILE = 'c:storedcertsencryptiontestcert'
Recreate the symmetric key again:
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
And now open the key only to get the error:
Cannot decrypt or encrypt using the specified certificate, either because it has no private key or because the password provided for the private key is incorrect.
So what am I doing wrong here? In this scenario I would appear to have lost all access to decrypt the data in the database despite restoring from a backup which restored the symmetric key and certificate and i obviously know the password for the master key.
I also tried running the command
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
I have connected to Database using my credentials by checking remember password option. After few days I forgot my password. How can I recover the password as SQL remember it. Is there any way to recover my password instead of resetting it.
I have a package protected by a password - I am already unhappy that to get it to use the configuration file to change connection strings for the production servers I have had to hardcode the password into the config file - very insecure! However, the package now deploys correctly to the production server and will run from there OK, but NOT if scheduled as a SQL Server Agent Job. Thus is because however often I edit the command line to include the password after the DECRYPT switch (which it has prompted me for when I click on the command line tab), the Job Step will not retain it. If I open it up after I have edited it and closed it, the password has disappeared.
I know that if I run dtexec plus the code in the Command Line tab (with the password), the package runs OK.
This is driving me insane! I have read all the other posts and so I tried replacing the SSIS package step with a CmdExec step and pasting that code into there - then I get an OLEDB error..
The code I use is: DTEXEC /SQL "ImportRateMonitoringTables" /SERVER servername /DECRYPT password /CONFIGFILE "D:Microsoft SQL ServerSSISDeploymentsRateMonitoringImportTasksDeploymentImportRateMonitoringTables_Production.dtsConfig" /MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E
and I get
SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x8000FFFF
although the same code executes perfectly from a command prompt.
Please does anyone have any experience with a similar problem and if so, how did you get round it?
I am receiving the following error message when attempting to create a new SQL Authenticated login id.
Password validation failed. The password does not meet the requirements of the password filter DLL. (Microsoft SQL Server, Error: 15119)
I have four servers all running SQL Server 2005 SP2 on Windows 2003 Ent. SP1. Of the four servers, only one received the above error message using the same TSQL below.
CREATE LOGIN TEST_LOGIN WITH PASSWORD = 'pvif9dal' MUST_CHANGE, CHECK_EXPIRATION = ON
All four servers are in the same domain, which if I understand correctly, the password policies are therefore inherited at the OS level by the domain. The password being used is within the password policies of the domain.
I tried to install an ALLDATA database which run with SQL Server 2005 express edition. The data base fails to install becase of the following code that come up which is related to AS password requirement. The error that come up is:
TITLE: Microsoft SQL Server 2005 Setup ------------------------------
The sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=setup.rll&EvtID=28001&EvtType=sqlca%5csqlcax.cpp%40SAPasswordPolicyCheck%40SAPasswordPolicyCheck%40x6d61
------------------------------ BUTTONS:
&Retry Cancel ------------------------------
I am trying to install this database in a network server operating under Windows Server 2003 R2 with SP2. If anyone knows how to solve this problem, please let me.
On the login prompt for Report Server, there is a checkbox option to "Remember my Password." I check this, login successfully... but when returning to the Report Server, I am again prompted for the password, although the user name is saved. No matter how many times I do this, the password will not save in IE7. I have tried this on 3 different computers with IE7. In IE 6, I do not even get the checkbox as an option, just the user name/password prompt. In Firefox, the password saves fine. Any ideas what would be causing this?
Hi there, I was wondering if anyone knew of a way to encrypt a table? I now you can encrypt Stored Procedures, triggers and view, but can you encrypt a table??
I may have a requirement to send data from a SQL Server at site A to an Oracle server at site B. These sites have no network connection between them, and the current suggestion is to use ftp, but the transfer (or username and password) will not be encrypted.
If I create a DTS package transferring data from site A, will that transfer be encrypted?
If not, is there an option with SQL Server DTS to ensure that the data is sent in an encrypted form?
In a Multi Server Job under SQL Server Agent (MSX), we have a series ofsteps like:DTSRun /~Z0x8E8635E6BBA...The ~Z means it's an encrypted hexidecimal string. The person who createdthis step is no longer accessible, and the string can't be triviallydecrypted, so I don't know what this runs.Someone once mentioned that I could go to Query Analyzer, run it, andwatch the execution plan. However, if I start the job, the executionplan simply walks through the steps required to find the job, and doesn'tgo into the details of the job. I don't know how to run the DTSRuncommand directly within Query Analyzer.Is there a way I can use the execution plan to determine what package thisDTSRun line is executing? Please give me the appropriate command orcommands.-Adam
Can anyone tell me how to find out if a .sdf file is encrypted? Im using C# and would like to know if the db that I am trying to open is encrypted. I would then like to attempt to open the db.
I have mirroring set up in a test environment and it works great however I need to know/understand how the endpoints are encrypted. I have them set to use the AES algorithm; however I can not tell from BOL what keys they are using. I know the service master key is the root encryption key and endpoints sit at the server level (same level as service masterkey) but I am not sure if the endpoints use it to perform the encryption or not; do they and if not what do they use?
I have a simple .NET page that asks the user to create a new account. One of the fields on that page is 'Password'. I store the password in a SQL 2000 Database. However, it appears in the database as clear-text.
Is there a way to encrypt this so it doesn't appear as clear-text in the DB?
I have some encrypted stored procedure. I want to use the output of the encrypted stored procedure insert the output into temp table. is it possible to do. If so please let me know how can I proceed. Thanks in advance
