How to hide user-passwords in SQL Server database
Solution 1
i prefer to store user password as with md5
save passwords after md5sum when user trying to login
user variables from form
var_username = jersey
var_password = 123456
// dont forget to escape for sql injection
// generate md5sum for password
var_md5password = md5(password)
SELECT * FROM users WHERE username = 'var_username' AND password = 'var_md5password'
for example
|- id -|- username -|- password -|
|- 1 -|- jersey -|- 123456 -|
|- 2 -|- timber -|- 1234567 -|
table with md5
|- id -|- username -|- password -|
|- 1 -|- jersey -|- e10adc3949ba59abbe56e057f20f883e -|
|- 2 -|- timber -|- fcea920f7412b5da7be0cf42b8c93759 -|
more secure way
secret_key = topsecretkey
password: 123456
md5(password+secretkey)
it will generate a better md5
Solution 2
I actually just found a free ASP script implementing the SHA-256 one-way encryption algorithm, which is one of the industry standard methods for generating digital signatures.
It also contains a form and ASP code that demonstrates the algorithm can be used. The SHA-256 algorithm is one of the industry standard methods for generating digital signatures. It is generically known as a digest, digital signature, one-way encryption, hash or checksum algorithm. A common use for SHA-256 is for password encryption as it is one-way in nature, that does not mean that your passwords are not free from a dictionary attack.
I dont know if this is more secure than MD5, but here it goes:
http://www.freevbcode.com/ShowCode.asp?ID=2565
MicBehrens
HTML5 CSS3 JavaScript AngularJS jQuery jQueryUI ASP Classic PHP7 Python RegExp TSQL SQL Server MySQL
Updated on June 05, 2022Comments
-
MicBehrens almost 2 years
To improve the security for my users I wish to hide all user-passwords in my MSSQL database. The webapplication is in ASP Classic and the SQL-field is a varchar(max).
I have heard about hashing the codes, but how does this work? Is it something to be done in the SQL string or making an ASP function?
My current users tabel setup are:
id username password 1 jersey plaintextpassword 2 timber plaintextpassword ....