tags:

views:

147

answers:

2
+2  Q: 

Can I concatenate a virtual column in a view?

Unfortunately, I have plaintext passwords in a database. I want to pass these plaintext values around as little as possible for, say, comparisons and updates. To this end, I'm trying to create a view of my Users table that excludes the plaintext passwords and instead provides a hashed value of that password.

Here's my current SQL Server view, which doesn't work:

SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt
       HashBytes('SHA1', PasswordSalt + u.Password) AS PasswordHash
FROM dbo.Users AS u

I'd be happy to hear about alternatives to this approach, but otherwise the problem seems to be concatenating the virtual column PasswordSalt with.. anything. For instance, the following simple view works:

SELECT u.Login AS Column1, u.Login + 'b' AS Column2

but this one does not:

SELECT u.Login AS Column1, Column1 + 'b' AS Column2

The error I'm receiving from Management Studio is

Invalid column name 'Column1'.

Thanks in advance for any ideas about what I'm doing wrong!

+1  A: 

The problem is occurring because the FROM clause of your statement indicates that the data to be selected comes from the Users table, but the SELECT part references a column named PasswordSalt. SQL Server cannot find a column with this name on the Users table, hence the error.

Alternative approach may be to generate the Salt in a subquery. For example

SELECT x.PasswordSalt,  HashBytes('SHA1', x.PasswordSalt + x.Password) AS PasswordHash FROM ( SELECT  CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt, Password FROM dbo.Users) x

Julian Martin  2010-03-03 22:58:21
That did the trick! Thanks for the elegant solution!
ladenedge  2010-03-04 06:26:17
A: 

What about

SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt 
       HashBytes('SHA1', CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) + u.Password) AS PasswordHash 
FROM dbo.Users AS u
unclepaul84  2010-03-03 23:17:55
This one seems problematic because I need to ensure that the *PasswordSalt* virtual column contains the same value that is hashed with the password. If they ever differ, consumers won't be able to verify the passwords match.
ladenedge  2010-03-04 06:10:59
I believe that no matter how many times you call Rand() it will return same value for each row in the set
unclepaul84  2010-03-04 15:38:41

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?