While developing a webpage or application, we generally have to develop a login panel to verify the authenticity of the user. Any such panel needs a password, so the main concern is how to store the password in the database.
There are many ways to encrypt data. We usually find that an encryption method comes with a matching decryption method, but using such reversible processes makes our passwords insecure. Recently I found a function in SQL Server 2008 that was developed for encrypting passwords. For checking the password, it has another method that compares the plain text password with the encrypted password.
For encrypting the password, the method is
PWDENCRYPT('plane_text')
and the method for comparing the encrypted string with the plain string is
PWDCOMPARE('plane_text', encrypted_text)
The first function encrypts plane_text into an nvarchar type string, and the second function returns 1 if both strings are the same and 0 otherwise.
One more thing: PWDENCRYPT('plane_text') returns a different value each time, i.e. two encryptions of the same string result in different encrypted strings. This implies that the string is encrypted with a different key every time, and that the key is also part of the encrypted string.
Example:
SELECT PWDENCRYPT('plane_text') AS EncryptedString
output: 0x010052FFF61F36AB06A3A2DEA6A1C736FF0B7C8C646F6883C3EB
SELECT PWDCOMPARE('plane_text', 0x010052FFF61F36AB06A3A2DEA6A1C736FF0B7C8C646F6883C3EB) AS isSameString
output: 1
Note: When you run the first query, its output will not be the same as mine, as discussed above. But the second query will return 1, as both are the same string.
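The same two functions applied to a login table, as an added example that is not part of the original post; the table, column and procedure names are hypothetical.

```sql
-- Added example; dbo.AppUser, RegisterUser and CheckLogin are hypothetical names.
-- VARBINARY(128) holds the 0x... value that PWDENCRYPT produces.
CREATE TABLE dbo.AppUser (
    UserName     NVARCHAR(64)   NOT NULL PRIMARY KEY,
    PasswordHash VARBINARY(128) NOT NULL
);
GO

-- Registration: only the PWDENCRYPT output is stored, never the plain text.
CREATE PROCEDURE dbo.RegisterUser
    @UserName NVARCHAR(64),
    @Password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.AppUser (UserName, PasswordHash)
    VALUES (@UserName, PWDENCRYPT(@Password));
END;
GO

-- Login check: 1 on a match, 0 otherwise. An unknown user also gives 0,
-- so the result does not reveal whether the account exists.
CREATE PROCEDURE dbo.CheckLogin
    @UserName NVARCHAR(64),
    @Password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Stored VARBINARY(128);
    SELECT @Stored = PasswordHash FROM dbo.AppUser WHERE UserName = @UserName;
    SELECT CASE WHEN @Stored IS NOT NULL AND PWDCOMPARE(@Password, @Stored) = 1
                THEN 1 ELSE 0 END AS IsValid;
END;
GO

-- Constructed sample data: two users with the same password.
EXEC dbo.RegisterUser @UserName = N'alice', @Password = N'plane_text';
EXEC dbo.RegisterUser @UserName = N'bob',   @Password = N'plane_text';

-- The two stored values differ even though the passwords are identical.
SELECT UserName, PasswordHash FROM dbo.AppUser;

EXEC dbo.CheckLogin @UserName = N'alice',  @Password = N'plane_text';
EXEC dbo.CheckLogin @UserName = N'alice',  @Password = N'wrong_text';
EXEC dbo.CheckLogin @UserName = N'nobody', @Password = N'plane_text';
```

Microsoft's documentation describes PWDENCRYPT as an older function and recommends HASHBYTES for new development.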