Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What data can be stored in varbinary data type of SQL Server?

Tags:

I have a table in which the userpassword field have varbinary datatype, So I'm confused that in which form should I save the data into userpassword field because when I save varchar data it gave me error.

like image 524
Fraz Sundal Avatar asked Jul 18 '10 12:07

Fraz Sundal


1 Answers

A varbinary column can store anything. To store a string in it, you'd have to cast it to varbinary:

declare @t table (id int identity, pwd varbinary(50)) insert into @t (pwd) values (cast('secret' as varbinary(50))) 

But for a password, a varbinary column usually stores a hash of some kind. For example, a SHA1 hash using the HashBytes function:

insert into @t (pwd) values (HashBytes('sha1', 'secret')); 

Storing a one-way hash instead of the real password is more secure. You can check if the password matches:

select * from @t where pwd = HashBytes('sha1', 'secret') 

But there is no way you can retrieve the password by looking at the table. So only the end user knows his password, and not even the DBA can retrieve it.

like image 196
Andomar Avatar answered Oct 22 '22 15:10

Andomar