View Single Post
Old 03-11-2009, 09:52 AM
ericb1 ericb1 is offline
Junior Member
Join Date: Mar 2009
Posts: 3
Default .net app passwords

Any help is appreciated. I administer a .net web application, and we have some employees who run queries and build reports, etc. off the data, which is stored in SQL2005.

I've noticed that some of them make local copies of some tables to work with locally, but the "account" table has all the users passwords stored in them. Now, they're stoed in an encrypted state, but from a security standpoint, I was wondering how bad this is. Is there any known way to reverse these passwords to reveal them?

I was going to disallow the storing of these passwords, but if it's not a real security risk, then I wasn't going to make a big deal out of it.

Any insights are appreciated, thanks!
Reply With Quote