Ok some company has handed me this .xls file containing a 1000+ users -- their emails (which are to be their user names), and their passwords. Both are in plain text format. I want to add these users to the ASPNET_DB, with the condition that the passwords and userids are encrypted, as they are in the table.
How should I do this?
Thanks very much.
The encryption should be in a client side form. You don't want to encrypt a datatype on the DB end and attempt to decrpt it for display.
Create the Table as normal with both the username and password fields as varchar's. Use the import/export wizard to dump it in.
Encrypt the text box control on your form when entering.
<input id="Password1" type="password" />
It'll match against your varchar.
Adamus
|||No, I do want to encrypt the password and user name actually.|||Why is this a TSQL question? Do you want to perform the encryption on the client? Who will need to decrypt the username/password? What accesses the table? There are many questions and depending on that you can pick a method. Below are some ideas:
1. If you need to encrypt / decrypt the username & password combination on the client then it is best to use some algorithm that you can use on the client. So write a program that will encrypt the Excel data and produce a file. You can then load the file into the database
2. You could also use SQLCLR and use one of the Crypto API classes to do the encryption / decryption. You can then use it on the server-side easily.
And it seems like you should post this in the security newsgroup also. Deciding what level of encryption to use and the purpose of encryption depends on your requirements. The security guys will be able to help on the choice of the encryption algorithm or technology.
No comments:
Post a Comment