I've created an internal website (ASP/vbscript) that has individual logins for employees. Since I am the only person with access to the web/database server, I am storing plain text passwords in the database (I know - bad idea). I thought we wouldn't have a problem with hackers within the company, but I was notified by an angry employee using network monitoring software (against company policy) that he can see his plain-text password being passed over the network.
So, now I have to encrypt the passwords in the database - which I obviously should have done from the start. The problem is that I am a database newbie, so I don't even know where to start. I've seen posts about RC4, but I am confused. I'm looking for something VERY simple - anyone know of an "encrypting for dummies" article? If I encrypt the passwords in the database, would I have to do anything special in my ASP code? By the way, I can't use SSL on this server, if that makes a difference.
A friend of my self asked me how he can save a password not as clear text. He wanted to encrypt the password and save the encrypted string in the database.
How can he do this? Maybe somebody can help me here.
Hi, I usually work with MySQL where it is able tl encrypt a password in a database (for users /clients etc) is there a way to do somthing similar in access. Thanking you in advance Oli
I am moving an application from MSDE to SQL Server Express. I have having difficulty finding a way to use a simple passsword for the SQL Login. SQL Server 2005 allows this
I have a table where I am needing to concatenate several columns. Some of the columns might have NULL values, so I need to concatenate only those fields where there is data and not concatenate the NULLs.
For Example:
My columns are ID, Effdt, keyword01, keyword02, keyword03, keyword04, keyword05, keyword06, keyword07, etc.
I need to concatenate all of the keyword columns into one field (keyword01 + '/' + keyword02 + '/' +keyword03 + '/' +...). However, keyword06 and on might be NULL (there is never an instance where, say, keyword02 has data, keyword03 is NULL, and keyword04 has data. If a keyword field, greater than keyword01 (it always has data in it), has data in it... then every keyword field before it does also.)
I've a table with two columns ITEMID and CHARGES. Multiple ITEMIDs with different CHARGES exists. I want to query TOP 10 CHARGES for each ITEMID in the table; how come i achieve this without typing the TOP 10 for each ITEMID in the table. The table has two many itemids and i want to view 10 for each with maximum charges.
For each batch, there are ~25 wafers. For each wafer, there are thousands of dies. For each die there are several parameters, and for each die and parameter there is a value.
I want to calculate the median and robust sigma (inter-quartile range/1.35) per wafer, for a parameter. The following code works perfectly for me:
SET @Q1 = SELECT TOP 1 value FROM ( SELECT TOP 25 PERCENT value FROM TableA WHERE batch=@x AND wafer=@y AND param=@z ORDER BY value) Quartile1 ORDER BY value DESC
SET @MEDIAN = SELECT TOP 1 value FROM ( SELECT TOP 50 PERCENT value FROM TableA WHERE batch=@x AND wafer=@y AND param=@z ORDER BY value) Median ORDER BY value
SET @Q3 = SELECT TOP 1 value FROM ( SELECT TOP 25 PERCENT value FROM TableA WHERE batch=@x AND wafer=@y AND param=@z ORDER BY value DESC) Quartile3 ORDER BY value
SET @SIGMA = (@Q3-@Q1)/1.35
SELECT @MEDIAN, @SIGMA
Ok, if you are still there: I need to do this for hundreds of wafers, and hopefully without having to manually set the batch and wafer numbers. I'm using MS SQL server by the way. As far as I've understood, there is no for-loop in SQL, and I can't see how I can do this by using GROUP BY.
VB.NET 2005 Express and SQL Server 2005 Express - NOT saving updates to DB - SOLUTION!
-----------------------------------
The following article is bogus and confusing:
How to: Manage Local Data Files - Setting 'Copy to Output Directory' to 'Do not copy' http://msdn2.microsoft.com/en-us/library/ms246989.aspx
You must manually copy the database file to the output directory AFTER setting 'Copy to Output Directory' to 'Do not copy'.
Do not copy
The file is never copied or overwritten by the project system. Because your application creates a dynamic connection string that points to the database file in the output directory, this setting only works for local database files when you manually copy the file yourself.
You must manually copy the database file to the output directory AFTER setting 'Copy to Output Directory' to 'Do not copy'.
-----------------------------------
The above article is bogus and confusing.
This is rediculous!
This is the most vague and convoluted bunch of nonsince I've ever come accross!
Getting caught out on this issue for the 10th time! And not being able to find an exact step-by-step solution.
--------------------------
I've tried it and it doesn't work for me.
Please don't try what the article eludes to as I'm still sorting out exactly what is supposed to be happening.
If you have a step-by-step procedure that can be reproduced this properly please PM me.
I would like to test its validity then update this exact post as a solution rather than just another dicussion thread.
Many thanks.
This is the exact procedure I have come up with:
NOTE 1: DO NOT allow VB.net to copy the database into its folders/directorys.
NOTE 2: DO NOT hand copy the database to a folder/directory in your project.
Yes, I know its hard not to do it because you want your project nice and tidy. I just simply could NOT get it to work. You should NOT have myData.mdf listed in the Solution Explorer. Ever.
Create a folder for your data following NOTE 2.
Copy your data to that folder. * mine was C:mydatamyData.mdf
Create a NEW project.
Remove any Data Connections. ( no matter what)
Save it.
Data | View Data Sources
Add New Data Source
select NEW CONNECTION ( No Matter what, do it!
Select the database. * again mine was C:mydatamyData.mdf
Answer NO to the question: Would you like to copy the file to your project and modify the connection? - NO ( no matter what - ANSWER NO ! - Absolutely NO ) Then select the tables you want in the DataSet. and Finish.
To Test ----------
From the Solution Explorer | click the table name drop down arrow | select details Now Drag the table name onto the form.
The form is then populated with a Navigation control and matching Labels with corresponding Textboxes for each field in the table.
Save it.
1) Run the app.
Add one database record to the database by pressing the Add(+) icon
Just add some quick junk data that you don't mind getting lost if it doesn't save.
YOU MUST CLICK THE SAVE ICON to save the data you just entered.
Now exit the application.
2) Run the app again.
And verify there is one record already there.
Now add a second database record to the database by pressing the Add (+) icon.
NOW add some quick junk data that you WILL intentionally loose.
*** DO NOT *** press the save icon.
Just Exit the app.
3) Again, Run the app.
Verify that the first record is still there.
Verify that the Second record is NOT there. Its NOT there because you didn't save the data before exiting the app.
Proving that YOU MUST CLICK THE SAVE ICON to save the data you just entered.
Also proving you must add your own code to catch the changes and ask the user to save the data before exitiing or moving to another record.
As a side note, since vb.net uses detached datasets, (a copy/snapshot of the dataset in memory and NOT directly linked to the database) the dataset will reflect all changes made when moving around the detached datasets. YOU MUT REMEMBER TO SUBMIT YOUR CHANGES TO THE DATABASE TO SAVE THEM. Otherwise, they will simply be discarded without notice.
Whewh!
I hope this saves me some time the next time I want to start a new database project.
Oh, and uh, for anyone else reading this post.
Thanks, Barry G. Sumpter
Currently working with: Visual Basic 2005 Express SQL Server 2005 Express
Developing Windows Forms with 101 Samples for Visual Basic 2005 using the DataGridView thru code and every development wizard I can find within vb.net unless otherwise individually stated within a thread.
I have a sql 2005 DB that stores personal information including Social Security #. How can i encrypt the SSN in Sql and then Decrypt it in a asp.net 2.0 page?Thanks
I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#.
One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data.
I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this.
I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure)
Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-)
Can anyone help me regarding encrypting a password.
While i put my password in a table, it shd be encrypted form so that none of the user shd able view that and for admin purpose i shd able to view, that is, i shd able to decrypt the password show to the user. The password is stored in a table as a field.
I was wondering if any of you had any idea about how I could achieve to encrypt a certain field(s) or a whole table in one of the table in my Database. Somewhat, I want to hide the password field from everyone's curious eye.
IF possible please also reply to this email : alexiscloutier@digisoftcorp.com
Hi,We want to encrypt MS Sql Server data files - .mdf and .ldf withlogged in user certificate and make sure that MS Sql Server service(running as Local System Account) can decrypt it.Is it possible to encrypt data files with a certificate that residesin logged in user'scert store and also MS SQL Server Service 'service account's certstore?You can access 'service account's cert store through mmc -
Hello,I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I havebeen working with SQL Server, Building ASp WebSites for many years now.I am by no means an expert - nor have I had ANY formal training. So ebarwith me if my questions seem elementary...I have some questions regarding sensitive data and encryption.There is a project that is headed my way were the social security numberis being used as the unique identifier for an account. I have alwaysused as identity column as a unique identifier. What would be the prosand cons of using the SSN as a unique identifier?#1 How do I go about encrypting the number to store in the DB. Is thisdone within SQL Server? Or before the data is inserted?#2 Is it possible to use an encrypted field as a unique identifier?My gut tells me to use the identity column , encrypt the SSN and not useit as any part of an identifier.Thank You for your Help.. Happy New Year!Please Reply to the Newsgroup.*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
I have creating a stored procedure in sql server 2005 to encrypt a parameter value that comes from an asp.net page. this value is of type varchar.
Now i have declared a paramater as varbinary to accept this value in the stored procedure. And encrypting it using symmetric key which is encrypted by certificate.
Now when i enter a value into the textbox in asp.net page. it shows
"implicit conversion from varchar to varbinary not possible" pls tell me what is the solution? do i have to convert the value in vb code while accessing the value of the textbox or do i have to convert the value while passing the value when call stored procedure.
pls tell me the solution so that i don't jave to change any coding in vb.
I have been tasked with encrypting an entire database, and I need some assistance. Everything that I have looked at leads me to believe that the only way to encrypt a whole database is to encrypt each column seperatly. I am completely stumped and could really use some help. Is it possible to encrypt a whole database? if so, how? If not, what other options do I have? Thanks in advance for the help.
I have a bunch of packages that I was working with on a development server and have now moved to a production server. The package protection level was set to DoNotSaveSensative during the development, when I loaded them onto the production server I changed the protection level to EncryptAllWithPassword. I have a few parent packages that call other packages using the execute package task. Since, I now have encrypted packages i had to supply this task with the password, that is where the problem started. The parent package fails when it tries to execute the child package, saying the password was not supplied or it is wrong. I assure you it is not wrong, so is the parent package not storing the password since it was created with no password? Next I created a new parent package and supplied it with a password to call the child package and it works fine. Do I have to recreate all of my parent packages in this way? Is there a way for the parent package to rebuild itself and store the password? Any help would be appreciated.
I am trying to encrypt a column, and then do a select and decrypt the results. I believe that I am encrypting the data properly, but whenever I try and do a select the column comes back as NULL. If I do a select without trying to decrypt the column (select * from table) I get the following:
Name | Dept | Encrypted_Info ----------------------------------------------- scott | it | 0x38383131
If I try and decrypt it I get this
Name | Dept | Encrypted_Info ----------------------------------------------- scott | it | NULL
This is the query that I put together to create the database, table, DB Master Key, Cert, encrypt the column, and then select and decrypt the result:
create database QA_Encrypted
Go
create table QA_Encrypted.dbo.Enc_Table1
(UserName varchar(50),
Dept varchar(50),
Encrypted_Info varbinary(MAX))
Go use QA_Encrypted
Go
if not exists (select * from sys.symmetric_keys where symmetric_key_id = 101)
create Master Key encryption by password = 'Pa55w0rd'
Go
Create Certificate QACert
with subject = 'Certificate for Testing'
Go
Create symmetric Key QAEncryptionKey with Algorithm = DES
Encryption by certificate QACert
Go
open symmetric key QAEncryptionKey decryption by certificate QACert
update QA_Encrypted.dbo.Enc_Table1 set Encrypted_Info = EncryptByKey(Key_GUID('QAEncryptionKey'), 'AUTHENTICATOR')
Go
use QA_Encrypted
insert into dbo.enc_table1 values ('scott', 'it', Convert(varbinary,'8811'))
OPEN Symmetric Key QAEncryptionKey
Decryption by CERTIFICATE QACert
select * from dbo.Enc_Table1
Select Username, Dept, Convert(varchar, DecryptByKey(Encrypted_Info)) as "decrypted"
from dbo.Enc_Table1
Any help would be greatly appreciated. Thanks in advance
Does anyone know where there is a good summary of what you can do to encrypt data going between SQL Server and it's clients, and for that matter any other security things you can do with SQL Server ? I've been asked to write a document on this for someone and quite frankly I've got too much proper work to do...
I need to encrypt one column of a Sql Server 7 database. I would like to use some sort of function to accomplish this so regular reporting tools can grab the encrypted data.
I have programs written in sas. The programs themselves can be treated like a text file for this purpose. I need a program that will encrypt my program then when needed decyrypt it storing it into a temp file, run it and then delete it.
encrypting a column in a sql server database. I have userid and password columns that I think should have protection on them. My thought was to encrypt these 2 columns. What happens if someone needs to know the actual values of a userid and password? Is encryption the right way to secure this data?
CREATE TABLE TabEncr ( id int identity (1,1), NonEncrField varchar(30), EncrField varchar(30) )
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'OurSecretPassword' CREATE CERTIFICATE my_cert with subject = 'Some Certificate' CREATE SYMMETRIC KEY my_key with algorithm = triple_des encryption by certificate my_cert
OPEN SYMMETRIC KEY my_key DECRYPTION BY CERTIFICATE my_cert INSERT INTO TabEncr (NonEncrField,EncrField) VALUES ('Some Plain Value',encryptbykey(key_guid('my_key'),'Some Plain Value')) CLOSE SYMMETRIC KEY my_key
OPEN SYMMETRIC KEY my_key DECRYPTION BY CERTIFICATE my_cert SELECT NonEncrField,CONVERT(VARCHAR(30),DecryptByKey(EncrField)) FROM dbo.TabEncr CLOSE SYMMETRIC KEY my_key
What is the problem with this code. It works fine , inserting the value encrypted but when i try to decrypt ,it returns a null value. What is missing. I also tried with symmetric key encryption with asymmetric key. Result is same, returns NULL value. I am using SQL 2005
How can I encrypt / decrypt whole database (data, objects ... everything) in SQL Server 2005 Express Edition? Quick solution from any champion of Databases would be highly entertained.
I want to encrypt some audio files before inserting them in a SQL server database. I want to use the built in sql server encryption. I found that the encrypt by key function accepts only text (nchar,nvarchar,etc). I was thinking or reading the audio file's bytes and change them to a string and then insert them in the database. I just wanted to take opinions here. Is there a better way to do this? thanks in advance
