
	Home > Ask the SQL Server Experts > Michael Hotek Questions & Answers > Encrypting password fields in SQL Server

Ask The SQL Server Expert: Questions & Answers

EMAIL THIS

Encrypting password fields in SQL Server

EXPERT RESPONSE FROM: Michael Hotek

		Pose a Question

		Other SQL Server Categories

		Meet all SQL Server Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 October 2003
I have received a request to have a password field inside of a database table encrypted. The user would like to also be able to decrypt the field when validating users. What is the best way to go about doing this? Does it require a third-party application?

EXPERT RESPONSE

It doesn't require a 3rd party application. You can do this yourself. All it requires is for you to utilize an encryption algorithm in your application. Data coming in is encrypted and then sent on to the SQL Server where it is stored. When a validating a user, it passes through your application where the process is reversed. I would very strongly recommend that when you are doing this, that algorithm is locked up and very tightly controlled. In no case should it ever be used to allow a user to decrypt the data and view it in a report or via some other manner. Once encrypted, the data should always be encrypted except during validation processes within your application which never retains the password. There is a third-party tool that can do this for you as well called Encryptionizer.

For More Information

Dozens more answers to tough SQL Server questions from Michael Hotek are available here.
The Best Microsoft SQL Server Web Links: tips, tutorials, scripts, and more.
The Best SQL Web Links
Have a SQL Server tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
Ask your technical SQL Server questions -- or help out your peers by answering them -- in our live discussion forums.
Ask the Experts yourself: Our SQL, database design, SQL Server, DB2, object-oriented and data warehousing gurus are waiting to answer your toughest questions.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Michael Hotek
	Applying LDF file to MDF without turning it to .BAK first?
	Procedure for finding last modified info?
	Migrating poorly designed database to new, normalized one
	Displaying decimal places in SQL Server 2000
	Creating a DTS package
	Extracting data without strings converted to strange characters
	Money data type conversion issue using DTS
	Any way to alias a call to functions?
	Repairing corrupt MDF files
	In-place versus side-by-side upgrade

SQL Server security

Secure SQL Server from SQL injection attacks

How insiders hack SQL databases with free tools and a little luck

Sarbanes-Oxley compliance checklist: IT security and SQL audits

SQL Server source code analysis and management adds database security

Ten common SQL Server security vulnerabilities you may be overlooking

SQL Server 2008 security and compliance features reduce security risks

Get your SQL Server security goals in order

How secure is your SQL Server network design?

Creating a SQL Server user authentication schema

Could a join of encrypted SQL Server data have a problem?

SQL Server Management Issues

PostgreSQL vs. SQL Server: PostgreSQL is right for the Microsoft stack

SQL Server Management Studio client tool enhancements

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

data corruption (SearchSQLServer.com)

data hiding (SearchSQLServer.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2005 - 2008, TechTarget \| Read our Privacy Policy