I am using GET DATA command for importing data from SQL server. I would like to use ENCRYPTED sub command. I can encrypt the password using Database Wizard.
I am writing the commands directly in a syntax editor, so I would like to avoid using Database Wizard. Is there any other tool for encrypting the password? I do not want to run the wizard just for the encryption of the password.
A stand alone tool for encrypting password would be nice.
Related
I am developing an application that'll decrypt encrypted files when a user successfully logs in. From what I understand, OpenSSL does not have a built-in function for this. So what I plan to do is zip up a folder and encrypt the zip file when I want to encrypt the directory and the reverse when I want to decrypt it. I will use the aes-256-cbc algorithm. The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder. Does anyone have any suggestions? Login credentials are verified on the server and encrypted zip files are located on the computer running the client application.
The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder.
The practice is not to use the user credentials to encrypt the data. If the user forgets his credentials, the user is done for.
Login credentials are verified on the server and encrypted zip files are located on the computer
That's actually giving you an option. If you don't want to store the encryption key on the client side, the server could send the key back as a part of the response and the client application could use it to decrypt or encrypt the data.
We have Artifactory OSS that currently use the default DB and we want to move to MS-SQL. According to the regular links - we need to write the MSSQL password in clear text in the db.properties file.
Can the password be encrypted somehow, so the Artifactory will know how to decrypt and use it
You should be able to activate encryption using the REST API. See the documented API.
This should create an encryption key and apply it on the db.properties where the username and password are stored.
I hope this helps.
What I found was that after switching to MS-SQL and starting Artifactory- Artifactory has encrypted the password.
In the admin->Security->Security Configuration there is a section for Password encryption that you can choose to encrypt all password in configuration files
I am trying to send an email using gmail smtp server. As the from address and password is needed for authentication, I have to set the same in web.config. And I wish the same to be in an encrypted format.
Ofcourse I am able to encrypt the values using' C:\Program Files (x86)\Ektron\CMS400v(x)\Utilities\ EncryptEmailPassword.exe' and so that I can set the values as encrypted form in Web.config file.
But how can I decrypt the values to its original form in code behind for the smtp server to authenticate.
I understand that you want to encrypt login and password stored in Web.config, best way to use it implemented in asp.net mechanism for that rather then Ektron.
Here you have an example how to do it on connectionstring but you can use any section to encrypt just change connectionstring parameter to something else.
http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx
Short of de-compiling the Ektron code to obtain the keys, the encrypted text cannot be decrypted.
The Ektron encryption and app settings are for using the Ektron API to send emails. You don't need to decrypt because the Ektron library will do it for you.
As #Cezary states, one option is to not use Ektron email API and use ASP.Net.
I'm wondering how to encrypt my password column in SQL Server 2008. I've read this article, but I still have no idea how... is there an easier to understand tutorial? Thanks!
The usual practice is to store a hash of the password. Like:
HASHBYTES('SHA1', convert(varbinary(32), #password))
With a hash, you can verify if the password matches, but you don't know the password itself. So even if a hacker gains complete access to your database, he still does not know the passwords.
There are many tutorials on the web.
You should instead consider storing hashes of passwords instead of using encryption. In case you are unaware of the differences, a hash (also called a one way hash) takes an input and produces gobbledygook (called a hash) such that for the same input the same gobbledygook is produced. Authentication works by hashing what the user entered on the client and comparing it to the gobbledygook in the db. If they match, the passwords are the same. Without getting into specifics, hashes can never be reverted back to plain text which is their protection. Encryption however involves creating a cypher such that if you have the decryption key you can revert the cypher back to plain text.
If you are using SQL Server and ASP.NET, you should look into Forms Authentication with the SqlMembershipProvider.
Explained: Forms Authentication in ASP.NET 2.0
SqlMembershipProvider Class
An Overview of Forms Authentication
Microsoft have made this super-easy with the snappily named
FormsAuthentication.HashPasswordForStoringInConfigFile.
http://www.adventuresindevelopment.com/2009/05/23/a-simple-way-to-hash-passwords-in-aspnet/
I have a Windows batch file which runs periodically to update data on my MySQL database. I now want to make the batch file secure so that no-one can see the password used to connect to the database. I have thought of two potential solutions:
Encrypt the password in the batch file
Encrypt the entire file.
Id prefer to go with option 1. Is there a quick method to encrypt a password which can be used in a batch file?
Only encrypting the password just moves the problem to how you secure the decryption key.
If you're on NTFS you should secure the whole file instead. On the file properties encryption is accessed by the Advanced... button under Attributes, and access controls are on the Security tab.