locked
Is it possible to retrieve the password securely from a login in SQL server 2005 ? RRS feed

  • Question

  • Hi all,

    I am using SQL server 2005. I am developing in c#. I would like to retrieve the password of a login in the database.

    Is it possible to achieve this ? How can i do this ?


    Thanks
    Friday, July 23, 2010 11:21 AM

Answers

  • It is not possible to retrieve the passwords for SQL Server logins from SQL Server.  In fact, it does not really know the password since it only stores the hash of the password.  At login time, a password string is hashed and compared with the saved hash.  If they are the same, then login succeeds.

    Of course, domain logins that access the SQL Server are authenticated by the domain and do not even have a hashed password in SQL Server.

    What are you trying to do with the password?  Perhaps there is a way to accomplish what you need.  (For example: PWDENCRYPT and PWDCOMPARE are useful for some purposes.  Beware the warnings, though.)

    Also, if you want to transfer the logins and passwords to another SQL Server, the hash is useful.  See:

    http://support.microsoft.com/kb/918992/en-us

    All the best,
    RLF

    • Edited by SQLWork Friday, July 23, 2010 7:54 PM spelling
    • Proposed as answer by Tom Li - MSFT Tuesday, July 27, 2010 8:41 AM
    • Marked as answer by Tom Li - MSFT Sunday, August 1, 2010 9:16 AM
    Friday, July 23, 2010 1:58 PM

All replies

  • It is not possible to retrieve the passwords for SQL Server logins from SQL Server.  In fact, it does not really know the password since it only stores the hash of the password.  At login time, a password string is hashed and compared with the saved hash.  If they are the same, then login succeeds.

    Of course, domain logins that access the SQL Server are authenticated by the domain and do not even have a hashed password in SQL Server.

    What are you trying to do with the password?  Perhaps there is a way to accomplish what you need.  (For example: PWDENCRYPT and PWDCOMPARE are useful for some purposes.  Beware the warnings, though.)

    Also, if you want to transfer the logins and passwords to another SQL Server, the hash is useful.  See:

    http://support.microsoft.com/kb/918992/en-us

    All the best,
    RLF

    • Edited by SQLWork Friday, July 23, 2010 7:54 PM spelling
    • Proposed as answer by Tom Li - MSFT Tuesday, July 27, 2010 8:41 AM
    • Marked as answer by Tom Li - MSFT Sunday, August 1, 2010 9:16 AM
    Friday, July 23, 2010 1:58 PM
  • No.

    SQL Server login password hashed while it stored on the SQL Server tables.

    Once it is hashed it can be retrieved as simple text / readable format.


    Sivaprasad S http://sivasql.blogspot.com Please click the Mark as Answer button if a post solves your problem!
    • Proposed as answer by Tom Li - MSFT Tuesday, July 27, 2010 8:41 AM
    Saturday, July 24, 2010 1:09 PM