Encrypting password fields in SQL Server

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Michael Hotek Applying LDF file to MDF without turning it to .BAK first? Procedure for finding last modified info? Migrating poorly designed database to new, normalized one Displaying decimal places in SQL Server 2000 Creating a DTS package Extracting data without strings converted to strange characters Money data type conversion issue using DTS Any way to alias a call to functions? Repairing corrupt MDF files In-place versus side-by-side upgrade SQL Server Security Meet compliance requirements with improved database security practices Hardening the network and OS for SQL Server security Securing the server and database in SQL Server SQL Server security made simple and sensible Blog: Protect your databases from the internal threat Setting up SQL Server Service Broker for secure communication The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers Microsoft SQL Server Management Issues PostgreSQL vs. SQL Server: PostgreSQL is right for the Microsoft stack SQL Server Management Studio client tool enhancements

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

It doesn't require a 3rd party application. You can do this yourself. All it requires is for you to utilize an encryption algorithm in your application. Data coming in is encrypted and then sent on to the SQL Server where it is stored. When a validating a user, it passes through your application where the process is reversed. I would very strongly recommend that when you are doing this, that algorithm is locked up and very tightly controlled. In no case should it ever be used to allow a user to decrypt the data and view it in a report or via some other manner. Once encrypted, the data should always be encrypted except during validation processes within your application which never retains the password. There is a third-party tool that can do this for you as well called Encryptionizer.

For More Information

• Dozens more answers to tough SQL Server questions from Michael Hotek are available here.
• The Best Microsoft SQL Server Web Links: tips, tutorials, scripts, and more.
• The Best SQL Web Links
• Have a SQL Server tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
• Ask your technical SQL Server questions -- or help out your peers by answering them -- in our live discussion forums.
• Ask the Experts yourself: Our SQL, database design, SQL Server, DB2, object-oriented and data warehousing gurus are waiting to answer your toughest questions.