RE: Encrypting a column?

RE: Encrypting a column?

 

  

Unfortunately though wouldn't this be just as dangerous as not encrypting at
all? What is the difference between holding the data as hashed -vs- not
hashed when I can query it directly either way. I would think you would
need some sort of encryption with a key. This key would be like a password
to be able to 'decrypt' that data.

Any thoughts?

- BILL -

-----Original Message-----
From: Mary Bahrami [mailto:[Email Address Removed] Wednesday, August 21, 2002 9:22 AM
To: Larson, Vince J.; SQLDBA (E-mail)
Subject: RE: Encrypting a column?


Thanks! This is exactly what I needed.

-----Original Message-----
From: Larson, Vince J. [mailto:Larson.[Email Address Removed] Tuesday, August 20, 2002 2:11 PM
To: Mary Bahrami; SQLDBA (E-mail)
Subject: RE: Encrypting a column?


There is a one-way encryption function (technically I think it's
hashing)--I
won't vouch for its security:
encrypt('<string>')
Use this to initially encrypt the passwords as they are stored in the
db.
Then, when someone logs in, encrypt that and compare it to the encrypted
version in the database. Along the lines of:
Select Username
From Users
Where encrypt(@password) = password

-----Original Message-----
From: Mary Bahrami [mailto:[Email Address Removed] Tuesday, August 20, 2002 2:54 PM
To: SQLDBA (E-mail)
Subject: Encrypting a column?


All,

I have a table of user logins, and would like to encrypt the password
column....Can't find anything on MS site or BOL, has anyone used
encryption inside the database? SS2000.

Thanks,
mary

---------------------------------------------------------------------
To unsubscribe, e-mail: mssqldba-[Email Address Removed] additional commands, e-mail: mssqldba-[Email Address Removed] NOTICE: The information contained in this message is
legally
privileged and confidential information intended only for the use of the
individual or entity named above. If the reader of this message is not
the
intended recipient, or the employee or agent responsible to deliver it
to
the intended recipient, you are hereby notified that any release,
dissemination, distribution, or copying of this communication is
strictly
prohibited. If you have received this communication in error, please
notify
the author immediately by replying to this message and delete the
original
message.
Thank you.



---------------------------------------------------------------------
To unsubscribe, e-mail: mssqldba-[Email Address Removed] additional commands, e-mail: mssqldba-[Email Address Removed]MS Sql Server LazyDBA home page