How to encrypt a database coloumn in visual studio 2010 c#

Question

Hi Guys i have a oracle database connected to my website which i have created in visual studio 2010 using c# language. I have a table which has users passwords saved in the table.

When I input the password into the table it can be seen (which I do not want). I want it to be encrypted to ensure that password cannot be seen once entered into the database. Any help would be grateful. My user table looks like this:

Create TABLE users (
  user_id number(5) NOT NULL , 
  user_username VARCHAR(30), 
  user_password VARCHAR(20), 
  user_email VARCHAR(75), 
  user_street VARCHAR(50), 
  user_city VARCHAR(50), 
  user_state VARCHAR(2), 
  user_postcode VARCHAR(20), 
  user_phone VARCHAR(50),  
  PRIMARY KEY (user_id) 
) ;

Thanks

Encryption is done BEFORE it goes into your database. – JNYRanger Apr 18 '15 at 02:50 — JNYRanger, Apr 18 '15 at 02:50

score 0 · Answer 1 · answered Apr 18 '15 at 03:59

you can use hashing technique,

public class Security { public static string HashSHA1(string value) { var sha1 = System.Security.Cryptography.SHA1.Create(); var inputBytes = Encoding.ASCII.GetBytes(value); var hash = sha1.ComputeHash(inputBytes);

    var sb = new StringBuilder();
    for (var i = 0; i < hash.Length; i++)
    {
        sb.Append(hash[i].ToString("X2"));
    }
    return sb.ToString();
}

}

in visual studio , cmd.Parameters.AddWithValue("@password", password);

cmd.Parameters.AddWithValue("@password", Security.HashSHA1(password));

// will be stored as,

UserId | Username | Password

1 | AlluvialDeposit | mySecretPassword

2 | AlluvialDeposit | F032680299B077AFB95093DE4082F625502B8251

score 0 · Accepted Answer · edited May 23 '17 at 12:14

0

The best and usual way to store password is, store a hash of the password like below:-

HASHBYTES('SHA1', convert(VARCHAR(20), @user_password)

By adding hash you can check whether the password matches or not.

NOTE:- Here you might also not be knowing what is the actual password stored in the database column. So even if the hacker, hacks your complete database he still won't be able to know the password.

Also, you may search on the web for some more secure and encrypted things related to security.

Here are some more links:-

Querying encrypted values in the database

Best way to store password in the database

Encrpyt and Decrypt the username and password

Hope this much help to what you were looking for.

edited May 23 '17 at 12:14

Community

1
1

answered Apr 18 '15 at 06:51

Nad

4,605
11
71
160

Thanks for your reply do i put this code into the sql database or into visual studio somewhere? – tariqz118 Apr 19 '15 at 01:03
The above code has to be added in the visual studio on button click when you will be saving the data. Also u need to create a column in sql table where the encrypted password will be saved. – Nad Apr 19 '15 at 12:56

How to encrypt a database coloumn in visual studio 2010 c#

2 Answers2

UserId | Username | Password