Hi ,

I want to apply encryption on the password entered by the users. Will it be safe to use pwdencrypt and pwdcompare functions for that. As these functions are undocumented and in the view of release of sql 2005 it may require to move the data from sql 2000 to 2005. if so then what option will be feasible.

alternativly can i use 3rd party tool fo encryption.


Plz some one advice me.

punkaj

punkaj

__________________
punkaj

Not sure whether pwdencrypt and pwdcompare function will be safe or not.

Alternate way, you can write your own enyrption function in SQL-2000 and compile that function using "WITH ENCRYPTION' clause so that source code will not accessible by anyone even by you from sql database. So not forget to keep a source code copy with you before saving the script through enterprise manager function editor because there is no way you able retrieve the script once apply from there.

Sample template follows:

CREATE FUNCTION fn_getEncryptedString(@StringToEncrypt NVARCHAR(100),@PublicKey INT)
RETURNS NVARCHAR(300)
WITH ENCRYPTION
AS
BEGIN
    DECLARE @EncryptedString NVARCHAR(300)
    SET @EncryptedString = @StringToEncrypt
    /*
    Encryption logic starts here
    ..........................
    ..........................
    ..........................
    Encryption logic ends here
    */
   RETURN @EncryptedString
END

Hopes it addresses your problem to some extent

Cheers
Pooja Falor
Pune, India

Check this link :: http://www.windowsitpro.com/articles...9809/9809.html


Best Regards
Vadivel

MVP ASP/ASP.NET
http://vadivel.thinkingms.com

Thanks,
but this is the last solution to write my own function for encryption. Can you give me some other alternative way so that I don't have to do it?? Cn you tell me some 3rd part tools for that??

Punkaj

punkaj

Check this link ::
http://www.activecrypt.com/

Cheers,
Pooja Falor