I don't think the database will help you in any way, but it also probably won't hinder you. If you encrypt the password into printable characters, it should go into a string field without trouble.
However, anything that can be encrypted can be decrypted, so that is not necessarily the way to go. I haven't played with it personally, but my suspicion is that what you want is a one-way transformation - i.e. the result of passing the password against a conversion algorithm. This would be a one-way algorithm (e.g. a hashing algorithm) and you'd validate an entered password later by passing it through the algorithm too and comparing it with the stored result. This stored result needn't be a string - it can just as easily be a large integer. This way, the admin person can't work out what the user's password is - always a good thing, as users will often use the same password for many systems. But, of course, the admin can always break security in any number of other ways, by virtue of his/her close association with the equipment and possession of admin passwords. I.e. you won't have any trouble impersonating a user, regardless of the password mechanism in place. Dave S ----- Original Message ----- From: mark wills To: [EMAIL PROTECTED] Sent: Friday, July 16, 2004 8:11 PM Subject: [ASP] Encrypt passwords in Access DB Hi there. I am writing an 'classic' asp app. I would like to know if it's possible to store the passwords of each user in a user table in an encrypted form, so that the db admin person (i.e. me!!) can't impersonate users by viewing the Users table and simply using some elses username and password. Any thoughts on this friends? Mark Wills (UK) --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.720 / Virus Database: 476 - Release Date: 14/07/2004 [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> Yahoo! Domains - Claim yours for only $14.70 http://us.click.yahoo.com/Z1wmxD/DREIAA/yQLSAA/17folB/TM --------------------------------------------------------------------~-> --------------------------------------------------------------------- Home : http://groups.yahoo.com/group/active-server-pages --------------------------------------------------------------------- Post : [EMAIL PROTECTED] Subscribe : [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] --------------------------------------------------------------------- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/active-server-pages/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
