Monday, February 20, 2012

Question

In SQL Server, what is the datatype to mask a field of a table? I mean, if I want to save a password in a table, when entering it into SQL Server I'd want to display "*****" instead of "hello".

Thanks...

There are HTML, .NET, and Win32 controls that can be used to mask user input as they're entering some sensitive data in your application.

If, however, you want to ensure that users can't query your database for the names and passwords of all of the other users of the database, then you'll want to use any of a variety of permissions on your database.

For instance, if some operation is being done on the user's behalf, you could control the permissions on a table containing sensitive data to allow only indirect access (e.g. allow a server process to insert, update, delete from the table on the user's behalf, but disallow direct manipulation of the underlying table by the user). This obviously requires some form of strong and reliable user authentication.

You could also use row and/or column level permissions to control the amount of data that a user is able to see. For example, row level security (applied correctly) would allow everyone to perform a SELECT username, password FROM users and only see the data from rows that they had specifically been given access to.

There is lots of good documentation on establishing permissions on securables (tables, views, columns, etc.) in the SQL Server Books Online. There is also an excellent article on this subject at: http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx
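The permission approaches described in the answer above, sketched in T-SQL as an added example (not part of the original post). The users table and its username and password columns follow the query quoted in the answer; the role, view and procedure names, the column types, and the assumption that each username matches a database user name are all hypothetical.

```sql
-- Constructed schema for illustration only.
CREATE TABLE dbo.users (
    user_id    INT IDENTITY(1,1) PRIMARY KEY,
    username   SYSNAME NOT NULL UNIQUE,   -- assumed to equal the database user name
    [password] VARBINARY(64) NOT NULL     -- stored credential value; format is an assumption
);
GO

CREATE ROLE app_users;                    -- hypothetical role for ordinary users
GO

-- Column-level permissions: members may read usernames but never the password column,
-- and may not modify the table directly.
GRANT SELECT ON dbo.users (user_id, username) TO app_users;
DENY  SELECT ON dbo.users ([password])        TO app_users;
DENY  INSERT, UPDATE, DELETE ON dbo.users     TO app_users;
GO

-- Row-level restriction through a view: each caller sees only their own row.
CREATE VIEW dbo.my_account
AS
    SELECT user_id, username
    FROM dbo.users
    WHERE username = USER_NAME();
GO
GRANT SELECT ON dbo.my_account TO app_users;
GO

-- Indirect access: the procedure has the same owner as the table, so ownership
-- chaining lets it update the row even though the caller has no direct rights.
CREATE PROCEDURE dbo.set_own_password
    @new_value VARBINARY(64)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE dbo.users
    SET [password] = @new_value
    WHERE username = USER_NAME();         -- caller can only change their own row
END;
GO
GRANT EXECUTE ON dbo.set_own_password TO app_users;
GO
```

A member of app_users who runs SELECT username, [password] FROM dbo.users receives a permission error on the password column, while SELECT * FROM dbo.my_account and EXEC dbo.set_own_password both succeed.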
