"Rich" wrote:

> Hello group,
>
> I have a fairly simple question (hopefully simple anyway).  I have a table
> that has basic application user data: name, address, city, email, password. 
> I now have a requirement to in bulk take the password and encrypt them.  They
> have already given me the function name to use: ToBase64Sting().
>
> Here is the question; how can I run the password field into this function in
> a stored procedure?  I am not familier with this function but have done some
> reading.  I suspect I would just place the scrambled password into a second
> field and delete the original, then rename the field.  Any suggestions?

"David Gugick" wrote:

> Rich wrote:
> > Hello group,
> >
> > I have a fairly simple question (hopefully simple anyway).  I have a
> > table that has basic application user data: name, address, city,
> > email, password. I now have a requirement to in bulk take the
> > password and encrypt them.  They have already given me the function
> > name to use: ToBase64Sting().
> >
> > Here is the question; how can I run the password field into this
> > function in a stored procedure?  I am not familier with this function
> > but have done some reading.  I suspect I would just place the
> > scrambled password into a second field and delete the original, then
> > rename the field.  Any suggestions?
>
> Is the function they gave you a SQL Server callable function? If so, you
> can just update the table directly, assuming the return value from the
> function (which is likely just ASCII) is compatible with the data type
> you are using for the column in the table. Something like:
>
> Update
>   dbo.MyTable
> Set
>   Password = dbo.ToBase64String(Password)
>
> BTW, why are you storing passwords in the database? Base64 is not an
> encryption scheme. It is an encoding scheme, used mainly by email system
> to send attachments. Base64 is not secure and anyone with internet
> access will be able to turn that Base64 value into the original
> password. So, you may want to reconsider storing passwords in the
> database.
>
>
> --
> David Gugick
> Quest Software
> www.imceda.com
> www.quest.com
>
>

"Rich" wrote:

> Hello David,
>
> see http://support.microsoft.com/default.aspx?scid=kb;en-us;317535
> I thought that this function would be available from the SQL Server however
> this function does not appear to be part of TSQL.  I tried the code fragment
> you posted and I am thinking this will not work.  This functionis something
> the my web developers I work with are using so you comment about being secure
> over the web scares me...
> Rich
>
> "David Gugick" wrote:
>
> > Rich wrote:
> > > Hello group,
> > >
> > > I have a fairly simple question (hopefully simple anyway).  I have a
> > > table that has basic application user data: name, address, city,
> > > email, password. I now have a requirement to in bulk take the
> > > password and encrypt them.  They have already given me the function
> > > name to use: ToBase64Sting().
> > >
> > > Here is the question; how can I run the password field into this
> > > function in a stored procedure?  I am not familier with this function
> > > but have done some reading.  I suspect I would just place the
> > > scrambled password into a second field and delete the original, then
> > > rename the field.  Any suggestions?
> >
> > Is the function they gave you a SQL Server callable function? If so, you
> > can just update the table directly, assuming the return value from the
> > function (which is likely just ASCII) is compatible with the data type
> > you are using for the column in the table. Something like:
> >
> > Update
> >   dbo.MyTable
> > Set
> >   Password = dbo.ToBase64String(Password)
> >
> > BTW, why are you storing passwords in the database? Base64 is not an
> > encryption scheme. It is an encoding scheme, used mainly by email system
> > to send attachments. Base64 is not secure and anyone with internet
> > access will be able to turn that Base64 value into the original
> > password. So, you may want to reconsider storing passwords in the
> > database.
> >
> >
> > --
> > David Gugick
> > Quest Software
> > www.imceda.com
> > www.quest.com
> >
> >

"SQL" wrote:

> I see what you are doing we used to do the same
> You use .NET encryption the function you mentioned is a .NET function
> Have one of your web guys write a script to loop through the table and
> update the password with the encrypted string
> There is no way you can do this in SQL server 2000 (as far as I know that is)
>
> http://sqlservercode.blogspot.com/
>
>
> "Rich" wrote:
>
> > Hello David,
> >
> > see http://support.microsoft.com/default.aspx?scid=kb;en-us;317535
> > I thought that this function would be available from the SQL Server however
> > this function does not appear to be part of TSQL.  I tried the code fragment
> > you posted and I am thinking this will not work.  This functionis something
> > the my web developers I work with are using so you comment about being secure
> > over the web scares me...
> > Rich
> >
> > "David Gugick" wrote:
> >
> > > Rich wrote:
> > > > Hello group,
> > > >
> > > > I have a fairly simple question (hopefully simple anyway).  I have a
> > > > table that has basic application user data: name, address, city,
> > > > email, password. I now have a requirement to in bulk take the
> > > > password and encrypt them.  They have already given me the function
> > > > name to use: ToBase64Sting().
> > > >
> > > > Here is the question; how can I run the password field into this
> > > > function in a stored procedure?  I am not familier with this function
> > > > but have done some reading.  I suspect I would just place the
> > > > scrambled password into a second field and delete the original, then
> > > > rename the field.  Any suggestions?
> > >
> > > Is the function they gave you a SQL Server callable function? If so, you
> > > can just update the table directly, assuming the return value from the
> > > function (which is likely just ASCII) is compatible with the data type
> > > you are using for the column in the table. Something like:
> > >
> > > Update
> > >   dbo.MyTable
> > > Set
> > >   Password = dbo.ToBase64String(Password)
> > >
> > > BTW, why are you storing passwords in the database? Base64 is not an
> > > encryption scheme. It is an encoding scheme, used mainly by email system
> > > to send attachments. Base64 is not secure and anyone with internet
> > > access will be able to turn that Base64 value into the original
> > > password. So, you may want to reconsider storing passwords in the
> > > database.
> > >
> > >
> > > --
> > > David Gugick
> > > Quest Software
> > > www.imceda.com
> > > www.quest.com
> > >
> > >

"Rich" wrote:

> Hello SQL,
>
> yes, yes, yes, you understand!  I just need a loop to update that field with
> that function they suggested!  The problem is I will end up make the "loop". 
> I am looking at making this looper in MSAccess, connect to the table, run the
> loop and be done with this.  I just need to understand if this is a standard
> VB function that I can drop the field into the function and let the thing
> return the encrypted password.
>
> Rich
>
> "SQL" wrote:
>
> > I see what you are doing we used to do the same
> > You use .NET encryption the function you mentioned is a .NET function
> > Have one of your web guys write a script to loop through the table and
> > update the password with the encrypted string
> > There is no way you can do this in SQL server 2000 (as far as I know that is)
> >
> > http://sqlservercode.blogspot.com/
> >
> >
> > "Rich" wrote:
> >
> > > Hello David,
> > >
> > > see http://support.microsoft.com/default.aspx?scid=kb;en-us;317535
> > > I thought that this function would be available from the SQL Server however
> > > this function does not appear to be part of TSQL.  I tried the code fragment
> > > you posted and I am thinking this will not work.  This functionis something
> > > the my web developers I work with are using so you comment about being secure
> > > over the web scares me...
> > > Rich
> > >
> > > "David Gugick" wrote:
> > >
> > > > Rich wrote:
> > > > > Hello group,
> > > > >
> > > > > I have a fairly simple question (hopefully simple anyway).  I have a
> > > > > table that has basic application user data: name, address, city,
> > > > > email, password. I now have a requirement to in bulk take the
> > > > > password and encrypt them.  They have already given me the function
> > > > > name to use: ToBase64Sting().
> > > > >
> > > > > Here is the question; how can I run the password field into this
> > > > > function in a stored procedure?  I am not familier with this function
> > > > > but have done some reading.  I suspect I would just place the
> > > > > scrambled password into a second field and delete the original, then
> > > > > rename the field.  Any suggestions?
> > > >
> > > > Is the function they gave you a SQL Server callable function? If so, you
> > > > can just update the table directly, assuming the return value from the
> > > > function (which is likely just ASCII) is compatible with the data type
> > > > you are using for the column in the table. Something like:
> > > >
> > > > Update
> > > >   dbo.MyTable
> > > > Set
> > > >   Password = dbo.ToBase64String(Password)
> > > >
> > > > BTW, why are you storing passwords in the database? Base64 is not an
> > > > encryption scheme. It is an encoding scheme, used mainly by email system
> > > > to send attachments. Base64 is not secure and anyone with internet
> > > > access will be able to turn that Base64 value into the original
> > > > password. So, you may want to reconsider storing passwords in the
> > > > database.
> > > >
> > > >
> > > > --
> > > > David Gugick
> > > > Quest Software
> > > > www.imceda.com
> > > > www.quest.com
> > > >
> > > >

"SQL" <S**@discussions.microsoft.com> wrote in message
news:F32DD3BB-A829-456F-AF2A-18AA6D1FEEDB@microsoft.com...
>I don't know if MS Access will work
> We used C# ASP.NET but I was not involved with this process
> I don't know if MS Access can access those functions since they are .NET
> specific
> try one of the .NET newsgroups for this question
>
> http://sqlservercode.blogspot.com/
>
>
> "Rich" wrote:
>
>> Hello SQL,
>>
>> yes, yes, yes, you understand!  I just need a loop to update that field
>> with
>> that function they suggested!  The problem is I will end up make the
>> "loop".
>> I am looking at making this looper in MSAccess, connect to the table, run
>> the
>> loop and be done with this.  I just need to understand if this is a
>> standard
>> VB function that I can drop the field into the function and let the thing
>> return the encrypted password.
>>
>> Rich
>>
>> "SQL" wrote:
>>
>> > I see what you are doing we used to do the same
>> > You use .NET encryption the function you mentioned is a .NET function
>> > Have one of your web guys write a script to loop through the table and
>> > update the password with the encrypted string
>> > There is no way you can do this in SQL server 2000 (as far as I know
>> > that is)
>> >
>> > http://sqlservercode.blogspot.com/
>> >
>> >
>> > "Rich" wrote:
>> >
>> > > Hello David,
>> > >
>> > > see http://support.microsoft.com/default.aspx?scid=kb;en-us;317535
>> > > I thought that this function would be available from the SQL Server
>> > > however
>> > > this function does not appear to be part of TSQL.  I tried the code
>> > > fragment
>> > > you posted and I am thinking this will not work.  This functionis
>> > > something
>> > > the my web developers I work with are using so you comment about
>> > > being secure
>> > > over the web scares me...
>> > > Rich
>> > >
>> > > "David Gugick" wrote:
>> > >
>> > > > Rich wrote:
>> > > > > Hello group,
>> > > > >
>> > > > > I have a fairly simple question (hopefully simple anyway).  I
>> > > > > have a
>> > > > > table that has basic application user data: name, address, city,
>> > > > > email, password. I now have a requirement to in bulk take the
>> > > > > password and encrypt them.  They have already given me the
>> > > > > function
>> > > > > name to use: ToBase64Sting().
>> > > > >
>> > > > > Here is the question; how can I run the password field into this
>> > > > > function in a stored procedure?  I am not familier with this
>> > > > > function
>> > > > > but have done some reading.  I suspect I would just place the
>> > > > > scrambled password into a second field and delete the original,
>> > > > > then
>> > > > > rename the field.  Any suggestions?
>> > > >
>> > > > Is the function they gave you a SQL Server callable function? If
>> > > > so, you
>> > > > can just update the table directly, assuming the return value from
>> > > > the
>> > > > function (which is likely just ASCII) is compatible with the data
>> > > > type
>> > > > you are using for the column in the table. Something like:
>> > > >
>> > > > Update
>> > > >   dbo.MyTable
>> > > > Set
>> > > >   Password = dbo.ToBase64String(Password)
>> > > >
>> > > > BTW, why are you storing passwords in the database? Base64 is not
>> > > > an
>> > > > encryption scheme. It is an encoding scheme, used mainly by email
>> > > > system
>> > > > to send attachments. Base64 is not secure and anyone with internet
>> > > > access will be able to turn that Base64 value into the original
>> > > > password. So, you may want to reconsider storing passwords in the
>> > > > database.
>> > > >
>> > > >
>> > > > --
>> > > > David Gugick
>> > > > Quest Software
>> > > > www.imceda.com
>> > > > www.quest.com
>> > > >
>> > > >