BorlandTalk.com Borland discussion newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  How Can I store a password in an sql server table?          BorlandTalk.com Forum Index -> Delphi Databases (SQL Servers) View previous topic :: View next topic   Author Message Kemal Çoruhlu Guest Posted: Mon Oct 11, 2004 10:13 am    Post subject: How Can I store a password in an sql server table? Hi , I want to store a password text in a table field but this password must be encrypted. (user must not see this password anyway) is there a way for storing a password in sql server tables in secure ? Thnx Back to top Viatcheslav V. Vassiliev Guest Posted: Mon Oct 11, 2004 10:41 am    Post subject: Re: How Can I store a password in an sql server table? The best way is to encrypt/decrypt password in your program - there are many such components, look torry.net, for example. In database there will be only encrypted password and only your program will know how to decrypt it. //------------------------------------------ Regards, Vassiliev V. V. http://www.managed-vcl.com - using .Net objects in Delphi for Win32 + ADO.Net http://www.oledbdirect.com - The fastest way to access MS SQL Server, MS Jet (Access) and Interbase (through OLEDB) "Kemal Çoruhlu" <Kemalc (AT) Siberyazilim (DOT) com.tr> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ: news:416a5c5b (AT) newsgroups (DOT) borland.com... Quote: Hi , I want to store a password text in a table field but this password must be encrypted. (user must not see this password anyway) is there a way for storing a password in sql server tables in secure ? Thnx Back to top Jeremy Collins Guest Posted: Mon Oct 11, 2004 11:20 am    Post subject: Re: How Can I store a password in an sql server table? Kemal Çoruhlu wrote: Quote: Hi , I want to store a password text in a table field but this password must be encrypted. (user must not see this password anyway) is there a way for storing a password in sql server tables in secure ? V.V.V. is quite correct with his advice; but why should your users ever have access to the password table anyway? SQL Server has table-level permissions, and it's up to you what data you present in your application. -- jc Remove the -not from email Back to top Morten Bergman Guest Posted: Tue Oct 12, 2004 7:38 pm    Post subject: Re: How Can I store a password in an sql server table? Kemal, I use the lockbox components for this, it's painless. You can find them here: http://sourceforge.net/projects/tplockbox/ Morten "Kemal Çoruhlu" <Kemalc (AT) Siberyazilim (DOT) com.tr> wrote Quote: Hi , I want to store a password text in a table field but this password must be encrypted. (user must not see this password anyway) is there a way for storing a password in sql server tables in secure ? Thnx Back to top danny heijl Guest Posted: Wed Oct 13, 2004 11:34 am    Post subject: Re: How Can I store a password in an sql server table? Kemal Çoruhlu wrote: Quote: is there a way for storing a password in sql server tables in secure ? Don't store the password, store a SHA-1 hash of the password. For verification, recompute the SHA-1 hash on the password entered by the user, and compare the hashes. Simple, and secure. Danny --- Back to top Igor Gottwald Guest Posted: Wed Oct 13, 2004 11:51 am    Post subject: Re: How Can I store a password in an sql server table? The advice from Danny Heijl is very good (SHA-1, MD5, etc.), but for strongest security add some other user dependent information to the password. It disallows to temporally stole some other account. Example: User Name / Password: xxx / hash1 yyy / hash2 User yyy will write down hash1, replace it by its own hash2, log-in as user xxx and than restore password hash back to hash1. Safer way is to use some identity column (Integer, GUID) and calculate hash := SHA1(GUIDToString(ID) + APassword). Also disallow read access to password column (if possible) or to the password table at all and create view populating only needed columns. Than create stored procedure validating user id / password combination. Igor Gottwald "Kemal Çoruhlu" <Kemalc (AT) Siberyazilim (DOT) com.tr> pí¹e v diskusním pøíspìvku news:416a5c5b (AT) newsgroups (DOT) borland.com... Quote: Hi , I want to store a password text in a table field but this password must be encrypted. (user must not see this password anyway) is there a way for storing a password in sql server tables in secure ? Thnx Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         BorlandTalk.com Forum Index -> Delphi Databases (SQL Servers) All times are GMT Page 1 of 1   Jump to: Select a forum C++ Builder Newsgroups----------------C++ BuilderC++ Builder (ActiveX)C++ Builder (Announcements)C++ Builder (Command Line Tools)C++ Builder DatabasesC++ Builder Databases (ADO)C++ Builder Databases (Desktop)C++ Builder Databases (InterBase Express)C++ Builder Databases (Multi-Tier)C++ Builder Databases (SQL Servers)C++ Builder (Graphics)C++ Builder (IDE)C++ Builder (Internet)C++ Builder (Internet Socket)C++ Builder (Internet Web)C++ Builder (Jobs)C++ Builder (Language)C++ Builder (Language C++)C++ Builder (Compatibility with MFC)C++ Builder (Native API)C++ Builder (Non-Technical)C++ Builder (Students)C++ Builder (Third Party Tools)C++ Builder (Upgrade)C++ Builder (VCL)C++ Builder (VCL Components Usage)C++ Builder (VCL Components Development)C++ Builder (VCL Usage)C++ Builder (WinAPI)C++ Builder Installation Delphi Newsgroups----------------Delphi (General)Delphi ActiveX Controls UsageDelphi ActiveX Controls DevelopmentDelphi As400Delphi DatabasesDelphi Databases (ADO)Delphi Databases (dbExpress)Delphi Databases (Desktop)Delphi Databases (InterBase Express)Delphi Databases (Multi-Tier)Delphi Databases (SQL Servers)Delphi DeploymentDelphi GraphicsDelphi IDEDelphi InternationalizationDelphi InternetDelphi Internet Isapi-WebBrokerDelphi Internet WebSnapDelphi Internet WinsockDelphi JobsDelphi Language BASMDelphi Language ObjectPascalDelphi Model Driven Architecture (General)Delphi Model Driven Architecture (Third Party)Delphi MultimediaDelphi Native APIDelphi Non-TechnicalDelphi ObjectPascalDelphi OLE AutomationDelphi OO designDelphi OpenToolsAPIDelphi Reporting-ChartingDelphi RTLDelphi StudentsDelphi TeamSourceDelphi Thirdparty ToolsDelphi Thirdparty Tools (General)Delphi Thirdparty Tools (IntraWeb)Delphi Thirdparty Tools (RaveReports)Delphi UpgradeDelphi VCLDelphi VCL ComponentsDelphi VCL Components UsingDelphi VCL Components WritingDelphi WebServices SOAPDelphi WinAPIDelphi XMLDelphi Installationcomp.lang.pascal.delphi.components.misccomp.lang.pascal.delphi.components.usagecomp.lang.pascal.delphi.components.writingcomp.lang.pascal.delphi.databasescomp.lang.pascal.delphi.misccomp.sources.delphi JBuilder Newsgroups----------------JBuilderJBuilder AnnouncementsJBuilder Applet IssuesJBuilder As400JBuilder CompilerJBuilder CORBA/RMIJBuilder DatabasesJBuilder DB SwingJBuilder DebuggerJBuilder DeploymentJBuilder DocumentationJBuilder EnterpriseJBuilder HandheldJBuilder IDEJBuilder JavaJBuilder JavaAPIJBuilder Java LanguageJBuilder Java SwingJBuilder Java BeansJBuilder Java Beans UsageJBuilder Java Beans DevelopmentJBuilder JBCLJBuilder JDataStoreJBuilder JobsJBuilder LinuxJBuilder MacintoshJBuilder & MobileSetJBuilder MultiLingual AppsJBuilder Non-TechnicalJBuilder OpenToolsJBuilder Servlets (JSP)JBuilder StudentsJBuilder Team DevelopmentJBuilder Thirdparty ToolsJBuilder UpgradeJBuilder Installation InterBase Newsgroups----------------InterBaseInterBase Bug DiscussionInterBase GeneralInterBase IBConsoleInterBase OpenSourceInterBase ReplicationInterBase SQLInterBase ThirdpartyInterBase Installation Miscellaneous Borland Newsgroups----------------AppCenterAppServerEnteraVisiBroker  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.