password hash
This is a discussion on password hash within the SQL Server forums, part of the Microsoft SQL Server category; --> It seems like there is no built in procedure for making a password hash in SQL2000. Am I wrong. ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-29-2008, 05:27 AM
| |||
| |||
 Re: password hash "Jens U. K." <1jk2@3bsopatent4.dk> wrote in message news:i3t8d.3709$UU4.720@news.get2net.dk... > It seems like there is no built in procedure for making a password hash in > SQL2000. Am I wrong. > Do I have to make it from scratch myself or is there samples out there? > > /Jens Ulrik That's correct - the usual solution is to encrypt/decrypt in the client application using the Win32 CrpytoAPI, or some other suitable API, then store only the encrypted password in the database: http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22 Simon      |
|
02-29-2008, 05:27 AM
| |||
| |||
| Re: password hash "Simon Hayes" <sql@hayes.ch> wrote in message news:41626a41$1_1@news.bluewin.ch... > > "Jens U. K." <1jk2@3bsopatent4.dk> wrote in message > news:i3t8d.3709$UU4.720@news.get2net.dk... >> It seems like there is no built in procedure for making a password hash >> in SQL2000. Am I wrong. >> Do I have to make it from scratch myself or is there samples out there? >> >> /Jens Ulrik > > That's correct - the usual solution is to encrypt/decrypt in the client > application using the Win32 CrpytoAPI, or some other suitable API, then > store only the encrypted password in the database: Hmm, it would have so easy with a stored procedure. Only problem is that neither the SQL-server nor the HTTP-server are in my possesion. So unfortunately I do not have access to "whatever" API I want :-( But as I recall the provider have ASP.NET and I think there is some encryption functions in there... /Jens Ulrik |
|
02-29-2008, 05:27 AM
| ||||
| ||||
| Re: password hash The asp.net System.Web.Security.FormsAuthentication class contains a static method for hashing passwords that you may find helpful: string password = "god"; string passwordFormat = "sha1"; string encryptedPassword = FormsAuthentication.HashPasswordForStoringInConfig File(password,passwordFormat); "Jens U. K." <1jk2@3bsopatent4.dk> wrote in message news:3bu8d.4068$xP1.2605@news.get2net.dk... > "Simon Hayes" <sql@hayes.ch> wrote in message > news:41626a41$1_1@news.bluewin.ch... >> >> "Jens U. K." <1jk2@3bsopatent4.dk> wrote in message >> news:i3t8d.3709$UU4.720@news.get2net.dk... >>> It seems like there is no built in procedure for making a password hash >>> in SQL2000. Am I wrong. >>> Do I have to make it from scratch myself or is there samples out there? >>> >>> /Jens Ulrik >> >> That's correct - the usual solution is to encrypt/decrypt in the client >> application using the Win32 CrpytoAPI, or some other suitable API, then >> store only the encrypted password in the database: > > Hmm, it would have so easy with a stored procedure. Only problem is that > neither the SQL-server nor the HTTP-server are in my possesion. So > unfortunately I do not have access to "whatever" API I want :-( But as I > recall the provider have ASP.NET and I think there is some encryption > functions in there... > > /Jens Ulrik |
Linear Mode
