How To Encrypt My Password Or Sensitive Data Before Storing Them In A Database , Using SQL Server 2005?[urgent Plz Help]
Jan 7, 2007
Hi there ,
1. i have a database and i want to encrypt my passwords before storing my records in a database plus i will later on would require to authenticate my user so again i have to encrypt the string provided by him to compare it with my encrypted password in database
below is my code , i dont know how to do it , plz help
2. one thing more i am storing IP addresses of my users as a "varchar" is there a better method to do it , if yes plz help me
try
{
SqlConnection myConnection = new SqlConnection();
myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["projectConnectionString"].ConnectionString;
SqlDataAdapter myAdapter = new SqlDataAdapter("SELECT *From User_Info", myConnection);
SqlCommandBuilder builder = new SqlCommandBuilder(myAdapter);
DataSet myDataset = new DataSet();
myAdapter.Fill(myDataset, "User_Info");
//Adding New Row in User_Info Table
DataRow myRow = myDataset.Tables["User_Info"].NewRow();
myRow["user_name"] = this.user_name.Text;
myRow["password"] = this.password.Text; // shoule be encrypted
//not known till now how to do it
I have a package protected by a password - I am already unhappy that to get it to use the configuration file to change connection strings for the production servers I have had to hardcode the password into the config file - very insecure! However, the package now deploys correctly to the production server and will run from there OK, but NOT if scheduled as a SQL Server Agent Job. Thus is because however often I edit the command line to include the password after the DECRYPT switch (which it has prompted me for when I click on the command line tab), the Job Step will not retain it. If I open it up after I have edited it and closed it, the password has disappeared.
I know that if I run dtexec plus the code in the Command Line tab (with the password), the package runs OK.
This is driving me insane! I have read all the other posts and so I tried replacing the SSIS package step with a CmdExec step and pasting that code into there - then I get an OLEDB error..
The code I use is: DTEXEC /SQL "ImportRateMonitoringTables" /SERVER servername /DECRYPT password /CONFIGFILE "D:Microsoft SQL ServerSSISDeploymentsRateMonitoringImportTasksDeploymentImportRateMonitoringTables_Production.dtsConfig" /MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E
and I get
SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x8000FFFF
although the same code executes perfectly from a command prompt.
Please does anyone have any experience with a similar problem and if so, how did you get round it?
Hi, SELECT UserID, UserName, Password, PublisherID, CurrencyFROM [User]WHERE (Password = 'Anitha') I am using the above mentioned it is working but int the password field i had given it as anitha. Now the querry is retriving the record for anitha, it shouldnot happen. The querry should retrive the record of anitha only for where condition anitha and not for Anitha or ANITHA etc.. Thanks Vishwanath
If you use "encrypt sensitive with user key" with windows user "Fred" and the "Fred" windows user is subsequently deleted from the server, can you then change the encryption level by using another person's login? Or is the package forever gone?
All packages were encrypted with a user key, since everyone logged in and developed with the same user. DOMAINi.user. Who was a local admin on the servers. The Sql Agent also ran under this account. So everything worked 100%.
We have had a security overhaul, each user now has hisher own login. So when DOMAINi.UserA now saves a package it fails when the Sql Agent runs it. Obviously becuase the agent does not run under DOMAINi.UserA , this is fine we created proxies etc.
BUT i only recently noticed that they also changed all the Sql services including the agent to run under a new account. DOMAINserviceAdmin. But all our jobs and packges ran fine after this.
I dont get it ? All the existing packges were encrypted with the DOMAINi.user login , which the agent ran under, so why when the agent account was changed do all these packages not fail with the usual failed to decrypt error ?
Basically i dont understand how packages encrypted under one user can now be executed by the Sql gent running under a different account ??
Hello there,I just want to ask if storing data in dbase is much better than storing it in the file system? Because for one, i am currenlty developing my thesis which uploads a blob.doc file to a web server (currently i'm using the localhost of ASP.NET) then retrieves it from the local hostAlso i want to know if im right at this, the localhost of ASP.NET is the same as the one of a natural web server on the net? Because i'm just thinking of uploading and downloading the files from a web server. Although our thesis defense didn't require us to really upload it on the net, we were advised to use a localhost on our PC's. I'll be just using my local server Is it ok to just use a web server for storing files than a database?
Hi, How to insert or store arabic data into a table in sql server 2005, also i want to retrieve it as arabic format.But now it insert (?????) like this.Please help me to find a solution. Regards Sabna S
I'm wondering what is the best way to store time-series data in an SQL database?? I've done a bit of investigating on the rrdtool (round robin database tool) that is used in a lot of nix based solutions for monitoring network equipment. I have a need to collect performance data from servers and routers and then produces some nice graphs from that data. I'm just not sure who i should store that data without the database growing to some huge size.
I'm using a Hemisphere West MSR-152 card reader. I need to take data from the reader and store it into SQL Server 2005 Express. Can anyone give ideas on how to do this (sample code recommendations). I'm using visual studio 2005 express and I code with VB.NET.
I am setting up several isql job in Enterprise Manager and as a cmdexec job I need to pass the user id and password( -P). I shtere any way not to pass this as text and perhaps hide/encrypt it since any one who opens the task scheduler and looks at the job can read the password?
hello guys! i have a question hope you'll help me..how can i encrypt the data that is stored in my password field everytime i insert value to it and decrypt it if i want to retrieve it? thanks in advance!!
hi, in my login form i have the password field.so i am sending password to my database table but while sending password has to be encrypted and while returning it has to be decrypted,is it possible to do in database if means please show me some example please
I'm very new new at this. I'm try to deploy a report model and got this message. I have no idea what its going on about.
Can anyone help me?
Aku
------------------------------
System.Web.Services.Protocols.SoapException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> Microsoft.ReportingServices.Diagnostics.Utilities.RPCException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: Bad Data. (Exception from HRESULT: 0x80090005) --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- at Microsoft.ReportingServices.Diagnostics.DataProtection.ProtectData(Byte[] unprotectedData, String tag) at Microsoft.ReportingServices.Library.ConnectionManager.ConnectStorage() at Microsoft.ReportingServices.Library.Storage.NewStandardSqlCommand(String storedProcedureName) at Microsoft.ReportingServices.Library.DBInterface.GetAllConfigurationInfo() at Microsoft.ReportingServices.Library.RSService.GetSystemProperties(Property[] requestedProperties) at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) (System.Web.Services)
Hi,I have a .net application and i added a code that encrypts data saved in database. However, there is already data in the fields that was entered before this change.I know need to check if the values in those fields are encrypted and if not i need to encrypt them.How can I perform such a check and update the relevant data?I use TrippleDES in .net to encrypt/decrypt the data.Thanks
Does anyone know which algorithm is being used to encrypt the passwords in the sysxlogins for SQL Server 2000? I've been googling for some time..but I can't seem to find this information. Please help.
I have a login table with username and password as attributes. I need to encrypt the password using stored procedure and then save it in the database. And also while retrieving the password, decrypt using the same stored procedure and get the original text.
I have been selecting the option to protect sensitive info in my packages with a password. However, this poses problems when later execute the packages by using the Execute Package Task. The problem is that I am repeated required to input the password before the packages will execute.
I was making this selection in the hope of not tying execution to a partiular user's credentials (my boss may also want to execute these pacakages at some point).
I find this subject confusing. Once I have selected this option, how can I change to another method? Additionally, does anyone have any advice vis a vis best practices in this matter? I want to store connection passwords, etc. in the package so they don't have to be supplied each time but I also want the information to be secure.
I have developed a Job Registration page, in which, the resume attached will be stored in the database in an image data-type field. Now, the client program includes migration of the database into local server and process the resumes.
After migration to the local database, if the client wants to process the resume and save directly to the database again, is it possible? This a very urgent requirement. Currently, i am separating the resume from the database and storing in a folder with the ID as the file name. But i want to convert it to a distributed application, which needs the resume to be in the database itself.
Can anybody suggest me the method to open .doc file from the database, process it and save directly to the database?
I have a stored procedure that validates a user login against a username and password field. How can I ensure case sensitivity in the stored procedure for the password field?
S/W Technologies : C#.Net 2005, ASP.Net 2005, SQL Server 2005 Greetings everyone, Heres my code for login verification, which is written in the login button click. SqlCommand cmd = new SqlCommand("Select uid,pass from UserRegistration where uid='" + txtuname.Text + "' and pass='" + txtpass.Text + "'", con); con.Open(); dr = cmd.ExecuteReader(); if (dr.HasRows) { <code......> } Now, my problem is, the SQL Server 2005 is fetching rows without checking case. For e.g. if I enter a password as "MYSTERY" or "mystery" which is stored as "Mystery" in the database. The datareader shows positive in HasRows property. So, Can someone suggest me how to fetch case sensitive data from SQL SERVER 2005. Thanks.
I was wondering if someone could help me as this is a bit of a puzzle.
I have created a database using a password, the create table scripts are executed successfully using the connection string however when I try and use the same connection string to insert some data into the database an error is produced, with the following message 'The specified password does not match the database password'.
I have opened the database using the SQL Server 2005 Management Studio and provide the password and I can access the database without a problem.
When the connection object is first instantiated all the Connection String property, the connStr variable and the modifiedConnStr are all correct (by this I mean that the data source and the password are present). However when the connection object is accessed again the Connection String property and the connStr variable are both set incorrectly (by this I mean that the password= section of the string is missing) however the modifiedConnStr is set correctly (by this I mean that the password= section is present in the string).
The connection object does not get set in between creating and accessing the connection object.
I have resorted to using no password, however I really need to be able to use a password.
Here is a copy of the connection string I am using (Copied directly from the quick watch window):
I am attempting to install SQL Server 2005 Enterprise Edition. The install stalls permanently, the SQL Server's memeory usage and CPU usage plummets to nothing and the SQL Server 2005 Setup Dialogue's status stops at "Validating Database Password." This occurs on the SQL Server Database Services portion of the install. The last line in the SQL Server Setup.log says "<Func Name = 'SAPaswwordPolicyCheck'>
I have verified that the sa password that I am entering when prompted for it in the install setup is valid with respect to SQL Server and Windows Server 2003 SP 1 (13 chars, at least one symbol, at least one upper and at least one lower). What else could be causing this problem? Any ideas or stabs would be greatly appreciated.
I am using the 3-tiered architecture design (presentation, business laws, and data acess layers). I am stuck on how to send the image the user selects in the upload file control to the BLL and then to the DAL because the DAL does all the inserts into the database. I would like to be able to check the file type in the BLL to make sure the file being uploaded is indeed a picture. Is there a way I can send the location of the file to the BLL, check the filetype, then upload the file and have the DAL insert the image into the database? I have seen examples where people use streams to upload the file directly from their presentation layer, but I would like to keep everything seperated in the three classes if possible. I also wasn't sure what variable type the image would be in the function in the BLL that receive the image from the PL. If there are any examples or tips anyone can give me that would be appreciated.
I got a shared web hosting server with sql server db which is 2k, and now ive got dedicated with godaddy where i installed sql 2005 express edition, now my shared hosting ppl gave me db bkup which i cant restore , so i copied all data from asp.net web based enterprise manager into an excel sheet and am trying to copy that data into sql2005 management studio express, however it doesnt let me do that.
I am trying to use openrowset, but my knowledge in sql is minimal so cant run that either.
can you please please please tell me how to do this asap, its very urgent as my contract runs out with shared hosting on 31 and ive to switch this site live by tomorrow.
please let me know asap wat to do, i can pay also for this job?