Unfortunately, I have plaintext passwords in a database. I want to pass these plaintext values around as little as possible for, say, comparisons and updates. To this end, I'm trying to create a view of my Users table that excludes the plaintext passwords and instead provides a hashed value of that password.
Here's my current SQL Server view, which doesn't work:
SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt
HashBytes('SHA1', PasswordSalt + u.Password) AS PasswordHash
FROM dbo.Users AS u
I'd be happy to hear about alternatives to this approach, but otherwise the problem seems to be concatenating the virtual column PasswordSalt with.. anything. For instance, the following simple view works:
SELECT u.Login AS Column1, u.Login + 'b' AS Column2
but this one does not:
SELECT u.Login AS Column1, Column1 + 'b' AS Column2
The error I'm receiving from Management Studio is
Invalid column name 'Column1'.
Thanks in advance for any ideas about what I'm doing wrong!