Wrox Programmer Forums
Go Back   Wrox Programmer Forums > SQL Server > SQL Server 2000 > SQL Server 2000
| Search | Today's Posts | Mark Forums Read
SQL Server 2000 General discussion of Microsoft SQL Server -- for topics that don't fit in one of the more specific SQL Server forums. version 2000 only. There's a new forum for SQL Server 2005.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Server 2000 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old February 17th, 2005, 09:12 AM
Authorized User
 
Join Date: Feb 2005
Location: Mumbai, Maharashtra, India.
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default Is it safe to use pwdencrypt and pwdcompare

Hi ,

I want to apply encryption on the password entered by the users. Will it be safe to use pwdencrypt and pwdcompare functions for that. As these functions are undocumented and in the view of release of sql 2005 it may require to move the data from sql 2000 to 2005. if so then what option will be feasible.

alternativly can i use 3rd party tool fo encryption.


Plz some one advice me.

punkaj

punkaj
__________________
punkaj
  #2 (permalink)  
Old February 18th, 2005, 12:54 AM
Authorized User
 
Join Date: Feb 2005
Location: Pune, Maharashtra, India.
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Not sure whether pwdencrypt and pwdcompare function will be safe or not.

Alternate way, you can write your own enyrption function in SQL-2000 and compile that function using "WITH ENCRYPTION' clause so that source code will not accessible by anyone even by you from sql database. So not forget to keep a source code copy with you before saving the script through enterprise manager function editor because there is no way you able retrieve the script once apply from there.

Sample template follows:

CREATE FUNCTION fn_getEncryptedString(@StringToEncrypt NVARCHAR(100),@PublicKey INT)
RETURNS NVARCHAR(300)
WITH ENCRYPTION
AS
BEGIN
    DECLARE @EncryptedString NVARCHAR(300)
    SET @EncryptedString = @StringToEncrypt
    /*
    Encryption logic starts here
    ..........................
    ..........................
    ..........................
    Encryption logic ends here
    */
   RETURN @EncryptedString
END

Hopes it addresses your problem to some extent

Cheers
Pooja Falor
Pune, India
  #3 (permalink)  
Old February 18th, 2005, 02:19 AM
Friend of Wrox
 
Join Date: Dec 2004
Location: Chennai, Tamil nadu, India.
Posts: 307
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Vadivel Send a message via Yahoo to Vadivel
Default

Check this link :: http://www.windowsitpro.com/articles...9809/9809.html


Best Regards
Vadivel

MVP ASP/ASP.NET
http://vadivel.thinkingms.com
  #4 (permalink)  
Old February 18th, 2005, 07:00 AM
Authorized User
 
Join Date: Feb 2005
Location: Mumbai, Maharashtra, India.
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks,
but this is the last solution to write my own function for encryption. Can you give me some other alternative way so that I don't have to do it?? Cn you tell me some 3rd part tools for that??

Punkaj

Quote:
quote:Originally posted by poojafalor
 Not sure whether pwdencrypt and pwdcompare function will be safe or not.

Alternate way, you can write your own enyrption function in SQL-2000 and compile that function using "WITH ENCRYPTION' clause so that source code will not accessible by anyone even by you from sql database. So not forget to keep a source code copy with you before saving the script through enterprise manager function editor because there is no way you able retrieve the script once apply from there.

Sample template follows:

CREATE FUNCTION fn_getEncryptedString(@StringToEncrypt NVARCHAR(100),@PublicKey INT)
RETURNS NVARCHAR(300)
WITH ENCRYPTION
AS
BEGIN
    DECLARE @EncryptedString NVARCHAR(300)
    SET @EncryptedString = @StringToEncrypt
    /*
    Encryption logic starts here
    ..........................
    ..........................
    ..........................
    Encryption logic ends here
    */
RETURN @EncryptedString
END

Hopes it addresses your problem to some extent

Cheers
Pooja Falor
Pune, India
punkaj
  #5 (permalink)  
Old February 18th, 2005, 08:50 AM
Authorized User
 
Join Date: Feb 2005
Location: Pune, Maharashtra, India.
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Check this link ::
http://www.activecrypt.com/

Cheers,
Pooja Falor


Similar Threads
Thread Thread Starter Forum Replies Last Post
md5() safe??? foddie PHP How-To 0 December 30th, 2005 10:25 PM
Safe For Scripting interrupt VBScript 0 September 2nd, 2004 07:25 AM
Are you using Visual Source Safe? xgbnow Pro VB 6 9 February 9th, 2004 06:31 PM
Thread safe ejbs Indian Ocean J2EE 0 September 20th, 2003 03:55 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.