Hi friends,
I want to store a password in SQL Server in a secure way, and I also need to compare this password with the user login for authentication. Please help me.
Thank you.
Updated 24-Jul-12 4:52am
Comments
[no name] 24-Jul-12 10:52am    
What have you tried?

This is not a simple thing to do; there are many considerations. I recommend reading the following article to help you decide how you want to store your passwords. It's not my article, but one that I have found very useful!

http://throwingfire.com/storing-passwords-securely/

Hogan
 
 
Comments
Sergey Alexandrovich Kryukov 24-Jul-12 11:39am    
Right, my 5.
I also added my answer with a more conceptual explanation of things (my experience shows that inquirers often cannot get the idea, so it might be needed). I credited this answer as well. Please see.
--SA
No, you never need to store a password. There is no "secure way". Storing a password anywhere is never needed for authentication purposes. Think about it: does anyone (except the user who owns the password) need to know the password, ever? All authentication needs is to make sure that the string entered by an authenticated user is the same that this user entered in the process of password creation. At first glance, it looks like knowing the password, but in fact this is not true. Want to do this exercise in logic?

One of the ways of solving this problem, and the one usually used, is to calculate a cryptographic hash function in both cases and store the hash. If you want to say that this stored value is just the encrypted password, think again. The big difference is: the cryptographic hash cannot be decrypted at all; this is a one-way function. So, it's infeasible to calculate a password from the hash (and, of course, it has nothing to do with system permissions: this is equally infeasible for anyone). And this is not needed: you just store the hash and compare hash with hash.

Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function

Everything else depends on your platform, languages, the libraries you use and other details you did not share with us. See also the article referenced by shorkie in Solution 1.

—SA
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


