Simple Solution For Encrypting Passwords?
Aug 8, 2003
I've created an internal website (ASP/vbscript) that has individual logins for employees. Since I am the only person with access to the web/database server, I am storing plain text passwords in the database (I know - bad idea). I thought we wouldn't have a problem with hackers within the company, but I was notified by an angry employee using network monitoring software (against company policy) that he can see his plain-text password being passed over the network.
So, now I have to encrypt the passwords in the database - which I obviously should have done from the start. The problem is that I am a database newbie, so I don't even know where to start. I've seen posts about RC4, but I am confused. I'm looking for something VERY simple - anyone know of an "encrypting for dummies" article? If I encrypt the passwords in the database, would I have to do anything special in my ASP code? By the way, I can't use SSL on this server, if that makes a difference.
Thanks.
View 1 Replies
ADVERTISEMENT
Feb 22, 2006
A friend of my self asked me how he can save a password not as clear text. He wanted to encrypt the password and save the encrypted string in the database.
How can he do this? Maybe somebody can help me here.
Regards Markus
View 7 Replies
View Related
Sep 23, 2004
Hi,
I usually work with MySQL where it is able tl encrypt a password in a database (for users /clients etc) is there a way to do somthing similar in access.
Thanking you in advance
Oli
View 1 Replies
View Related
Apr 24, 2007
I am moving an application from MSDE to SQL Server Express. I have having difficulty finding a way to use a simple passsword for the SQL Login. SQL Server 2005 allows this
View 5 Replies
View Related
Aug 24, 2007
I have a table where I am needing to concatenate several columns. Some of the columns might have NULL values, so I need to concatenate only those fields where there is data and not concatenate the NULLs.
For Example:
My columns are ID, Effdt, keyword01, keyword02, keyword03, keyword04, keyword05, keyword06, keyword07, etc.
I need to concatenate all of the keyword columns into one field (keyword01 + '/' + keyword02 + '/' +keyword03 + '/' +...). However, keyword06 and on might be NULL (there is never an instance where, say, keyword02 has data, keyword03 is NULL, and keyword04 has data. If a keyword field, greater than keyword01 (it always has data in it), has data in it... then every keyword field before it does also.)
TABLE:
ID EffDT Keyword01 Keyword02 Keyword03 Keyword04 Keyword05
110 8/2/2005 12345 67890 NULL NULL NULL
111 8/2/2005 ABCDE FGHIJ KLMNO NULL NULL
112 8/15/2005 ABCDE FGHIJ NULL NULL NULL
113 8/15/2005 12345 67890 12345 67890 12345
Result:
ID EffDT Keyword
110 8/2/2005 12345 / 67890
111 8/2/2005 ABCDE / FGHIJ / KLMNO
112 8/15/2005 ABCDE / FGHIJ
113 8/15/2005 12345 / 67890 / 12345 / 67890 / 12345
How do I get the concantenation to go without the NULLs, without getting "12345 / 67890 / / / / / / "?
View 5 Replies
View Related
Mar 4, 2008
Hello
I made this very simple scalar function
CREATE FUNCTION [dbo].[UnitTotalFlow] (@TableName VARCHAR(255))
RETURNS FLOAT
AS
BEGIN
DECLARE @Result Float
SELECT @Result = (SELECT FloatNumber FROM @TableName WHERE ID = '1' )
return @Result
END
But I get this message
Msg 1087, Level 15, State 2, Procedure UnitTotalFlow, Line 12
Must declare the table variable "@TableName".
Like The Select statement has its own block and it is isolated from the function
would any body please help me about it
View 3 Replies
View Related
Feb 7, 2005
I've a table with two columns ITEMID and CHARGES.
Multiple ITEMIDs with different CHARGES exists. I want to query TOP 10 CHARGES for each ITEMID in the table; how come i achieve this without typing the TOP 10 for each ITEMID in the table. The table has two many itemids and i want to view 10 for each with maximum charges.
Howdy!
View 1 Replies
View Related
Nov 14, 2007
Hi! I am rather new to SQL, and could use some help. I have a table with lots of records, with fields like this:
TableA.Batch
TableA.Wafer
TableA.DieID
TableA.Param
TableA.Value
For each batch, there are ~25 wafers. For each wafer, there are thousands of dies. For each die there are several parameters, and for each die and parameter there is a value.
I want to calculate the median and robust sigma (inter-quartile range/1.35) per wafer, for a parameter. The following code works perfectly for me:
DECLARE @Q1 FLOAT, @MEDIAN FLOAT, @Q3 FLOAT, @SIGMA FLOAT, @x INT, @y INT, @z INT
SET @Q1 = SELECT TOP 1 value FROM (
SELECT TOP 25 PERCENT value
FROM TableA
WHERE batch=@x
AND wafer=@y
AND param=@z
ORDER BY value) Quartile1
ORDER BY value DESC
SET @MEDIAN = SELECT TOP 1 value FROM (
SELECT TOP 50 PERCENT value
FROM TableA
WHERE batch=@x
AND wafer=@y
AND param=@z
ORDER BY value) Median
ORDER BY value
SET @Q3 = SELECT TOP 1 value FROM (
SELECT TOP 25 PERCENT value
FROM TableA
WHERE batch=@x
AND wafer=@y
AND param=@z
ORDER BY value DESC) Quartile3
ORDER BY value
SET @SIGMA = (@Q3-@Q1)/1.35
SELECT @MEDIAN, @SIGMA
Ok, if you are still there: I need to do this for hundreds of wafers, and hopefully without having to manually set the batch and wafer numbers. I'm using MS SQL server by the way. As far as I've understood, there is no for-loop in SQL, and I can't see how I can do this by using GROUP BY.
Any help is very appreciated.
View 5 Replies
View Related
Jul 30, 2007
I have a table with the name of customers in it. The problem is that I have one column with the full name in it like
|Last First Middle|.
As you can see this is a problem for me.
I need to find a way to put these values into 3 seperate columns.
|Last| First| Middle |
Is there a function to seperate them via a space?
I have been looking on the web and have not found any functions or solutions.
Any help would be most appreciated.
Thanks in advance,
Gene
View 3 Replies
View Related
Jul 7, 2006
Users were able tolog on to our SQL 2000 servers with their passwords being case-insensitive.
Now with SQL 2005 some users can't logon because SQL 2005 passwords are case-sensitive.
Can SQL 2005 be configured so that passwords are NOT case sensitive???
Thanks!
View 6 Replies
View Related
Nov 30, 2006
VB.NET 2005 Express and SQL Server 2005 Express - NOT saving updates to DB - SOLUTION!
-----------------------------------
The following article is bogus and confusing:
How to: Manage Local Data Files - Setting 'Copy to Output Directory' to 'Do not copy'
http://msdn2.microsoft.com/en-us/library/ms246989.aspx
You must manually copy the database file to the output directory
AFTER setting 'Copy to Output Directory' to 'Do not copy'.
Do not copy
The file is never copied or overwritten by the project system. Because your application creates a dynamic connection string that points to the database file in the output directory, this setting only works for local database files when you manually copy the file yourself.
You must manually copy the database file to the output directory
AFTER setting 'Copy to Output Directory' to 'Do not copy'.
-----------------------------------
The above article is bogus and confusing.
This is rediculous!
This is the most vague and convoluted bunch of nonsince I've ever come accross!
Getting caught out on this issue for the 10th time!
And not being able to find an exact step-by-step solution.
--------------------------
I've tried it and it doesn't work for me.
Please don't try what the article eludes to as I'm still sorting out exactly what is supposed to be happening.
If you have a step-by-step procedure that can be reproduced this properly please PM me.
I would like to test its validity then update this exact post as a solution rather than just another dicussion thread.
Many thanks.
This is the exact procedure I have come up with:
NOTE 1: DO NOT allow VB.net to copy the database into its folders/directorys.
NOTE 2: DO NOT hand copy the database to a folder/directory in your project.
Yes, I know its hard not to do it because you want your project nice and tidy.
I just simply could NOT get it to work.
You should NOT have myData.mdf listed in the Solution Explorer. Ever.
Create a folder for your data following NOTE 2.
Copy your data to that folder. * mine was C:mydatamyData.mdf
Create a NEW project.
Remove any Data Connections. ( no matter what)
Save it.
Data | View Data Sources
Add New Data Source
select NEW CONNECTION ( No Matter what, do it!
Select the database. * again mine was C:mydatamyData.mdf
Answer NO to the question:
Would you like to copy the file to your project and modify the connection?
- NO ( no matter what - ANSWER NO ! - Absolutely NO )
Then select the tables you want in the DataSet.
and Finish.
To Test ----------
From the Solution Explorer | click the table name drop down arrow | select details
Now Drag the table name onto the form.
The form is then populated with a Navigation control
and matching Labels with corresponding Textboxes for each field in the table.
Save it.
1) Run the app.
Add one database record to the database by pressing the Add(+) icon
Just add some quick junk data that you don't mind getting lost if it doesn't save.
YOU MUST CLICK THE SAVE ICON to save the data you just entered.
Now exit the application.
2) Run the app again.
And verify there is one record already there.
Now add a second database record to the database by pressing the Add (+) icon.
NOW add some quick junk data that you WILL intentionally loose.
*** DO NOT *** press the save icon.
Just Exit the app.
3) Again, Run the app.
Verify that the first record is still there.
Verify that the Second record is NOT there.
Its NOT there because you didn't save the data before exiting the app.
Proving that YOU MUST CLICK THE SAVE ICON to save the data you just entered.
Also proving you must add your own code to catch the changes
and ask the user to save the data before exitiing or moving to another record.
As a side note, since vb.net uses detached datasets,
(a copy/snapshot of the dataset in memory and NOT directly linked to the database)
the dataset will reflect all changes made when moving around the detached datasets.
YOU MUT REMEMBER TO SUBMIT YOUR CHANGES TO THE DATABASE TO SAVE THEM.
Otherwise, they will simply be discarded without notice.
Whewh!
I hope this saves me some time the next time I want to start a new database project.
Oh, and uh, for anyone else reading this post.
Thanks,
Barry G. Sumpter
Currently working with:
Visual Basic 2005 Express
SQL Server 2005 Express
Developing Windows Forms with
101 Samples for Visual Basic 2005
using the DataGridView thru code
and every development wizard I can find within vb.net
unless otherwise individually stated within a thread.
View 17 Replies
View Related
Nov 15, 2006
I have a sql 2005 DB that stores personal information including Social Security #. How can i encrypt the SSN in Sql and then Decrypt it in a asp.net 2.0 page?Thanks
View 3 Replies
View Related
Jun 25, 2007
I am calling my rports from the server useing URL method.I need to encript this URL please help me.
View 6 Replies
View Related
May 4, 2004
I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#.
One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data.
I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this.
I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure)
Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-)
Thanks!
View 3 Replies
View Related
Mar 20, 2002
Is it possible to encrypt data in one column. I always thought it wasn't possible but I need to know for sure.
View 1 Replies
View Related
Jul 18, 2000
Hi all,
Can anyone help me regarding encrypting a password.
While i put my password in a table, it shd be encrypted form so that none of the user shd able
view that and for admin purpose i shd able to view, that is, i shd able to decrypt the password
show to the user. The password is stored in a table as a field.
waiting for ur replies.
thanks in advance.
regards,
krr
View 6 Replies
View Related
May 29, 2000
Is there any way by which a SQL Server database can be encrypted.
Regrads
View 5 Replies
View Related
Jan 28, 2000
Hi:
I was wondering if any of you had any idea about how I could achieve to encrypt a certain field(s) or a whole table in one of the table in my Database. Somewhat, I want to hide the password field from everyone's curious eye.
IF possible please also reply to this email :
alexiscloutier@digisoftcorp.com
View 3 Replies
View Related
Feb 16, 2007
Hi,We want to encrypt MS Sql Server data files - .mdf and .ldf withlogged in user certificate and make sure that MS Sql Server service(running as Local System Account) can decrypt it.Is it possible to encrypt data files with a certificate that residesin logged in user'scert store and also MS SQL Server Service 'service account's certstore?You can access 'service account's cert store through mmc -
Quote:
View 4 Replies
View Related
Jul 20, 2005
Hello,I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I havebeen working with SQL Server, Building ASp WebSites for many years now.I am by no means an expert - nor have I had ANY formal training. So ebarwith me if my questions seem elementary...I have some questions regarding sensitive data and encryption.There is a project that is headed my way were the social security numberis being used as the unique identifier for an account. I have alwaysused as identity column as a unique identifier. What would be the prosand cons of using the SSN as a unique identifier?#1 How do I go about encrypting the number to store in the DB. Is thisdone within SQL Server? Or before the data is inserted?#2 Is it possible to use an encrypted field as a unique identifier?My gut tells me to use the identity column , encrypt the SSN and not useit as any part of an identifier.Thank You for your Help.. Happy New Year!Please Reply to the Newsgroup.*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
View 12 Replies
View Related
Mar 31, 2006
Hi,
I have creating a stored procedure in sql server 2005 to encrypt a parameter value that comes from an asp.net page. this value is of type varchar.
Now i have declared a paramater as varbinary to accept this value in the stored procedure. And encrypting it using symmetric key which is encrypted by certificate.
Now when i enter a value into the textbox in asp.net page. it shows
"implicit conversion from varchar to varbinary not possible" pls tell me what is the solution? do i have to convert the value in vb code while accessing the value of the textbox or do i have to convert the value while passing the value when call stored procedure.
pls tell me the solution so that i don't jave to change any coding in vb.
some solution in sql server itselt.
Thank you
Gaurav
View 4 Replies
View Related
Oct 22, 2007
I have been tasked with encrypting an entire database, and I need some assistance.
Everything that I have looked at leads me to believe that the only way to encrypt a whole database is to encrypt each column seperatly. I am completely stumped and could really use some help.
Is it possible to encrypt a whole database? if so, how?
If not, what other options do I have?
Thanks in advance for the help.
View 4 Replies
View Related
Oct 3, 2007
I have a bunch of packages that I was working with on a development server and have now moved to a production server. The package protection level was set to DoNotSaveSensative during the development, when I loaded them onto the production server I changed the protection level to EncryptAllWithPassword. I have a few parent packages that call other packages using the execute package task. Since, I now have encrypted packages i had to supply this task with the password, that is where the problem started. The parent package fails when it tries to execute the child package, saying the password was not supplied or it is wrong. I assure you it is not wrong, so is the parent package not storing the password since it was created with no password? Next I created a new parent package and supplied it with a password to call the child package and it works fine. Do I have to recreate all of my parent packages in this way? Is there a way for the parent package to rebuild itself and store the password? Any help would be appreciated.
Nick
View 3 Replies
View Related
Oct 22, 2007
I am trying to encrypt a column, and then do a select and decrypt the results.
I believe that I am encrypting the data properly, but whenever I try and do a select the column comes back as NULL.
If I do a select without trying to decrypt the column (select * from table) I get the following:
Name | Dept | Encrypted_Info
-----------------------------------------------
scott | it | 0x38383131
If I try and decrypt it I get this
Name | Dept | Encrypted_Info
-----------------------------------------------
scott | it | NULL
This is the query that I put together to create the database, table, DB Master Key, Cert, encrypt the column, and then select and decrypt the result:
create database QA_Encrypted
Go
create table QA_Encrypted.dbo.Enc_Table1
(UserName varchar(50),
Dept varchar(50),
Encrypted_Info varbinary(MAX))
Go
use QA_Encrypted
Go
if not exists (select * from sys.symmetric_keys where symmetric_key_id = 101)
create Master Key encryption by password = 'Pa55w0rd'
Go
Create Certificate QACert
with subject = 'Certificate for Testing'
Go
Create symmetric Key QAEncryptionKey with Algorithm = DES
Encryption by certificate QACert
Go
open symmetric key QAEncryptionKey decryption by certificate QACert
update QA_Encrypted.dbo.Enc_Table1 set Encrypted_Info = EncryptByKey(Key_GUID('QAEncryptionKey'), 'AUTHENTICATOR')
Go
use QA_Encrypted
insert into dbo.enc_table1 values ('scott', 'it', Convert(varbinary,'8811'))
OPEN Symmetric Key QAEncryptionKey
Decryption by CERTIFICATE QACert
select * from dbo.Enc_Table1
Select Username, Dept, Convert(varchar, DecryptByKey(Encrypted_Info)) as "decrypted"
from dbo.Enc_Table1
Any help would be greatly appreciated.
Thanks in advance
View 3 Replies
View Related
Jan 22, 2001
Does anyone know where there is a good summary of what you can do to encrypt data going between SQL Server and it's clients, and for that matter any other security things you can do with SQL Server ? I've been asked to write a document on this for someone and quite frankly I've got too much proper work to do...
View 1 Replies
View Related
Feb 22, 2001
I need to encrypt one column of a Sql Server 7 database. I would like to use some sort of function to accomplish this so regular reporting tools can grab the encrypted data.
View 1 Replies
View Related
Sep 28, 2004
I have programs written in sas. The programs themselves can be treated like a text file for this purpose. I need a program that will encrypt my program then when needed decyrypt it storing it into a temp file, run it and then delete it.
any thoughts or anything out there to use.
Nicole
View 1 Replies
View Related
Jul 15, 2014
Any example on encrypting a SSN Field using TDE?
[URL].....
View 9 Replies
View Related
Jun 18, 2015
encrypting a column in a sql server database. I have userid and password columns that I think should have protection on them. My thought was to encrypt these 2 columns. What happens if someone needs to know the actual values of a userid and password? Is encryption the right way to secure this data?
View 2 Replies
View Related
Dec 22, 2006
CREATE TABLE TabEncr (
id int identity (1,1),
NonEncrField varchar(30),
EncrField varchar(30)
)
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'OurSecretPassword'
CREATE CERTIFICATE my_cert with subject = 'Some Certificate'
CREATE SYMMETRIC KEY my_key with algorithm = triple_des encryption by certificate my_cert
OPEN SYMMETRIC KEY my_key DECRYPTION BY CERTIFICATE my_cert
INSERT INTO TabEncr (NonEncrField,EncrField)
VALUES ('Some Plain Value',encryptbykey(key_guid('my_key'),'Some Plain Value'))
CLOSE SYMMETRIC KEY my_key
OPEN SYMMETRIC KEY my_key DECRYPTION BY CERTIFICATE my_cert
SELECT NonEncrField,CONVERT(VARCHAR(30),DecryptByKey(EncrField))
FROM dbo.TabEncr
CLOSE SYMMETRIC KEY my_key
What is the problem with this code. It works fine , inserting the value encrypted but when i try to decrypt ,it returns a null value. What is missing. I also tried with symmetric key encryption with asymmetric key. Result is same, returns NULL value. I am using SQL 2005
Happy Coding...
View 15 Replies
View Related
Nov 12, 2007
Hi,
How can I encrypt / decrypt whole database (data, objects ... everything) in SQL Server 2005 Express Edition?
Quick solution from any champion of Databases would be highly entertained.
Waiting ..
Thanks a lot.
View 4 Replies
View Related
May 19, 2007
I want to store a function in SQL Server database that when called during insertion, encrypts a value and then stores encrypted text in the column.
Is there any built in Encrypting and Hashing mechanism in SQL 2005.
View 1 Replies
View Related
Oct 4, 2006
I want to encrypt some audio files before inserting them in a SQL server database. I want to use the built in sql server encryption. I found that the encrypt by key function accepts only text (nchar,nvarchar,etc).
I was thinking or reading the audio file's bytes and change them to a string and then insert them in the database. I just wanted to take opinions here. Is there a better way to do this?
thanks in advance
View 1 Replies
View Related
