Encrypting a password column
I have a database table that looks like this (simplified):

    CREATE TABLE [User]
    (
        ID int,
        UserName varchar(100),
        password varchar(100),
        primary key (ID)
    )

I want to encrypt the password column. I have looked into TDS (Transparent Data Encryption) and it appears that you can encrypt databases and columns at the file level.
If I use this approach then will people see the password if they run the following query:

    select password from [User]

The database runs on SQL Server 2012 Enterprise Edition.
sql

edited Nov 19 '18 at 14:30


Martin
asked Jan 6 '16 at 10:12
w0051977
8
The usual approach is to store a salted hash of the password...
– Martin Milan
Jan 6 '16 at 10:16
1
The whole concept here is wrong and bad for security. Never store a password with encryption, use a salted hash instead, as @MartinMilan suggests.
– Jodrell
Jan 6 '16 at 10:42
3 Answers
You could take a look at this link which could get you started in the right direction.
That being said however, it is the usual practice to store the hash value of the password itself rather than an encrypted version of the password. The hashing will allow you to check if the user has entered the correct password (by comparing the hash value you have in your database with the hash value of whatever the user entered) without the need of knowing what is the actual password.
The advantage of this is that it is usually simpler and more secure since you do not need to encrypt/decrypt any values. The drawback of using hashing is that you can never send the users their passwords (if you are planning to provide some sort of 'forgot my password' functionality) but rather you will have to reset it to a new, random one.
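
    using System;
    using System.Security.Cryptography;
    using System.Text;

    // Class name is illustrative; the snippet as posted shows only the two methods.
    public class DpapiProtector
    {
        // Scope is referenced but never defined in the snippet as posted;
        // DataProtectionScope.CurrentUser is assumed here.
        private const DataProtectionScope Scope = DataProtectionScope.CurrentUser;

        public string Encrypt(string plainText)
        {
            if (plainText == null) throw new ArgumentNullException("plainText");
            // encrypt data with DPAPI
            var data = Encoding.Unicode.GetBytes(plainText);
            byte[] encrypted = ProtectedData.Protect(data, null, Scope);
            // return as base64 string
            return Convert.ToBase64String(encrypted);
        }

        public string Decrypt(string cipher)
        {
            if (cipher == null) throw new ArgumentNullException("cipher");
            // parse base64 string
            byte[] data = Convert.FromBase64String(cipher);
            // decrypt data with DPAPI
            byte[] decrypted = ProtectedData.Unprotect(data, null, Scope);
            return Encoding.Unicode.GetString(decrypted);
        }
    }
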
edited Jan 6 '16 at 10:32
answered Jan 6 '16 at 10:20


Ahsan Aziz Abbasi
Thanks +1. Would this approach work if I had a table called Database containing connection information for thirty databases (I would want to encrypt the password column).
– w0051977
Jan 6 '16 at 10:28
updating my answer :)
– Ahsan Aziz Abbasi
Jan 6 '16 at 10:31
use these codes in C# to encrypt & decrypt
– Ahsan Aziz Abbasi
Jan 6 '16 at 10:33
2
If a user has forgotten their password, you don't send them their old one.
– Jodrell
Jan 6 '16 at 10:36
2
question is incomplete so I just point at a way to encrypting
– Ahsan Aziz Abbasi
Jan 6 '16 at 10:42
You may also take a look at this link which demonstrates the use of symmetric key encryption.
answered Jan 6 '16 at 10:29
user824910
(Y) check this one too
– Ahsan Aziz Abbasi
Jan 6 '16 at 10:43

    CREATE TABLE [Users] (
        UserID int identity(1,1) primary key,
        [Login] varchar(32) unique,
        [Email] varchar(32) unique,
        [Password] varbinary(256) not null,
        [BackupCode] varbinary(256) not null,
        ModifiedDate datetime default (getdate()));

    DECLARE @EncryptionKey nvarchar(32) = '007London';
    DECLARE @Password varchar(32) = 'LoveDanger&Romance';
    DECLARE @Code varchar(32) = 'GoNawazGo';

Insert Query (encryption):

    INSERT [Users] ([Login], [Email], [Password], [BackupCode])
    SELECT 'JamesBond', 'test@test.com',
        EncryptByPassPhrase(@EncryptionKey, @Password),
        EncryptByPassPhrase(@EncryptionKey, @Code)

Select Query (decryption):

    SELECT *,
        DecryptedPassword = Convert(varchar(32),
            DecryptByPassPhrase(@EncryptionKey, [Password])),
        [Password],
        DecryptedCode = Convert(varchar(32),
            DecryptByPassPhrase(@EncryptionKey, [BackupCode])),
        [BackupCode]
    FROM [Users]

edited Nov 19 '18 at 14:22
answered Jun 26 '18 at 10:03
Junaid Masood