[AccessD] SQL Server Encrypted field

Jim Dettman jimdettman at verizon.net
Fri Jun 8 12:28:05 CDT 2012 

John,

 May not be understanding the requirements correctly, but couldn't you do
what Craig's list does, which sends/receives e-mails through it's service on
the behalf of the user and makes them anonymous at the same time?

Jim. 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Friday, June 08, 2012 11:32 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] SQL Server Encrypted field

And that is the general concept of what I am trying to do.  The user's email
password will probably 
be different from the account password for the user record in my database,
and of course either 
password could change at any time, and independently of the other password.
It's almost as if I 
need to use the database password to encrypt the email password.  If the
user changes either 
password then the email password needs to be encrypted with the then current
database password.

My bigger problem is that to this point I never stored passwords at all, I
just stored a hash.  That 
won't work here since I need the actual password to send the email.

John W. Colby
Colby Consulting

Reality is what refuses to go away
when you do not believe in it

On 6/8/2012 7:58 AM, Martin Reid wrote:
> John
>
> Just reading this on the web
>
> The business logic which I used is that, when a user is added through my
web application, on form submit event, I first get the user's information
from the form fields, encrypt the employee's password and then submit the
entire information into the user registration table. The password
information is encrypted in the user registration table. Now, when the user
enter into the application, provides userid and password, I just encrypt the
user provided password and match it with the employee table's password, so I
don't need to decrypt the database stored password again and again.
>
>
>
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
> Sent: 08 June 2012 12:50
> To: 'Access Developers discussion and problem solving'
> Subject: Re: [AccessD] SQL Server Encrypted field
>
>
>   I don't understand why you wouldn't want to do an entire column and just
be done with it.
>
>   Encrypting on a record by record basis for one column as needed seems
more trouble then it's worth.
>
> Jim.
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
> Sent: Friday, June 08, 2012 12:54 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] SQL Server Encrypted field
>
> I just want to discuss ideas of how to do this at all.  The built-in SQL
Server methods appear to be aimed at entire tables or columns.  Obviously
for what I want to do I need to encrypt each field of a specific column.
Fairly different.
>
> John W. Colby
> Colby Consulting
>
> Reality is what refuses to go away
> when you do not believe in it
>
> On 6/7/2012 9:54 AM, Charlotte Foust wrote:
>> So do you want to discuss how to do this using the built in SQL Server
>> features or through encryption/decription at the UI level?
>>
>> Charlotte Foust
>> On Wed, Jun 6, 2012 at 10:08 AM,
> jwcolby<jwcolby at colbyconsulting.com>wrote:
>>
>>> I need to store sensitive data in specific fields of specific tables.
>>> I find things like:
>>>
>>>
>
http://msdn.microsoft.com/en-**us/library/ms179331.aspx<http://msdn.microsof
> t.com/en-us/library/ms179331.aspx>
>>>
>>>
>>>
>>> Which discusses creating a certificate etc.  Hmm... what happens if
>>> the database is backed up?  What happens if I need to move the database?
>>>
>>> And of course my favorite SQL guy (Pinal Dave):
>>>
>>> http://blog.sqlauthority.com/**2009/04/28/sql-server-**
>>> introduction-to-sql-server-**encryption-and-symmetric-key-**
>>>
>
encryption-tutorial-with-**script/<http://blog.sqlauthority.com/2009/04/28/s
>
ql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption
> -tutorial-with-script/>
>>>
>>>
>>>
>>> In the end however what I want do (in this case) is to allow specific
>>> information to be encrypted / decrypted on a user specific basis, i.e.
>>> based on something user specific.
>>>
>>> Assume that users need to store their own Email Address, username and
>>> password in my database and then use that to send email "on their
behalf"
>>> from my system.  The database is used for generating Community
>>> Volunteer passes, and when the pass is created it is printed to PDF,
>>> attached to an email and mailed to one or more email address at a
>>> specific prison.  I
> have
>>> created a new GMail account with a username and password but it would
>>> be nice to allow each user to enter their own email address /
>>> username / password to send from so that if there are issues and the
>>> prison replies
> to
>>> the email, it gets back to them directly.  Using my current system it
> would
>>> come back to my general address.  Of course I can do a "do not
>>> respond to this email" kind of thing but I have already been asked if
>>> they can get responses.
>>>
>>> Obviously if I am going to store a user's email address, username and
>>> password it has to be encrypted, but furthermore it has to be
>>> retrievable only by that user.
>>>
>>> --
>>> John W. Colby
>>> Colby Consulting
>>>
>>> Reality is what refuses to go away
>>> when you do not believe in it
>>>
>>> --
>>> AccessD mailing list
>>> AccessD at databaseadvisors.com
>>>
>
http://databaseadvisors.com/**mailman/listinfo/accessd<http://databaseadviso
> rs.com/mailman/listinfo/accessd>
>>>
>>>
>>> Website:
> http://www.databaseadvisors.**com<http://www.databaseadvisors.com>
>>>
>>>
>>>
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list