Geeks With Blogs
My Place For SQL Lets Talk SQL

/*
Written By :-  Veer ji Wangoo (India) http://vsql.blogspot.com
Inputs from:-  Dinesh Asanka(Sri Lanka)  SqlServer Central
  http://www.geocities.com/dineshasanka/index.htm
Dated :- 12 July 2004

A very simple and unique way to encrypt Password in your database application
using a function called pwdencrypt

Lets have look at it,we first create a table named [UserTab]
which will have two columns along with a UserTab .Note the data Type
varbinary(255) to include Hashed encrypted value in the Table
*/

CREATE TABLE [dbo].[UserTab] (
[ID] [int] IDENTITY (1, 1)
NOT NULL ,
[UserName] [varchar] (50) COLLATE
SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [varbinary] (255) NULL ,
) ON [PRIMARY]
GO


/*
Next insert the data with a usage pwdencrypt() --This is an Undocumented Function.
*/
INSERT INTO [UserTab](UserName,Password)
VALUES ( 'Vsql',pwdencrypt('Varsha'));

--When you select you will find the PWD in Encryted Form.

select * from [user]

--A Sp  can be  written with below logic and  to retreive an d check the Password authentication
--We can ask the user to input teh USername and PWD into the Sp and check it with the matching Pwd
--If compare value comes as true then we give them access else we reject the access to th application

DECLARE @varPassword  varbinary(255)
 SELECT @varPassword = [Password] FROM [UserTab] where UserName = 'Vsql'
DECLARE @chkPassword varchar(255)
 SELECT @chkPassword = 'Varsha'
if  (pwdcompare(@chkPassword, @varPassword, 0) = 1)
Begin
 print 'Get along'
End
else
 print 'Permission Denied'

/*
Although this doesnt garuntee the Safegaurd of your passwords and
any hacking attacks but will certainly help in maintaining the integrity of the
applications.Like freaking with Usernames/passwords of any user by the people who has
access to tables in your Application Database

You can also use various Encryption algorithms availble in registry
and Devlopment Environments.
*/

 

Posted on Tuesday, July 13, 2004 2:22 AM | Back to top


Comments on this post: PasssWord Encryption in SQL 2000

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
excellent work.

thanks
Left by Mr. Aslam on Sep 10, 2004 10:53 AM

# trackback test
Requesting Gravatar...
just testing
Left by on May 20, 2005 8:36 AM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
It was simply great!!! :)
Left by sumit on Dec 23, 2005 12:28 AM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
THIS WEBSITE MUST BE CREATED BY AN IDIOT FOOL STUPID.
Left by NIKHIL BN on Dec 23, 2005 12:31 AM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
no comments
Left by abcd on Dec 23, 2005 12:31 AM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
Das is some kewl shait mon
Left by Koos on Nov 22, 2007 12:17 AM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
The above encription is very good to know about, but more looking on the customization of the same, with multiple Encryption mechanism.. So
How it is possible to use Say SHA512 , 64Bit Encryption ...?
Left by Nilesh Pabuwal on Jan 18, 2008 9:20 PM

# re: PasssWord Encryption in SQL 2000
Requesting Gravatar...
DECLARE @varPassword nvarchar(255)
SELECT @varPassword = [Password] FROM [Teva_productionmgr] where UserName ='kiranm'
print @varPassword
print pwdencrypt(@varPassword)

DECLARE @chkPassword nvarchar(255)
SELECT @chkPassword = 'kiranm1!!'

if (pwdcompare(@chkPassword, @varPassword, 0) = 1)
Begin
print 'Password Match'
End
else
print 'Permission Denied'
Left by Prakash on Aug 03, 2009 6:03 AM

Your comment:
 (will show your gravatar)


Copyright © Veer Ji Wangoo | Powered by: GeeksWithBlogs.net