database table security with varchar column

Question

sanjeewa.abeywardana

9 Years Ago

I have heard that table security for data stored in the table can be made by storing Hashbyte data in a column.

So anyone comes and change values manually in a table will be identified and that record be ommited for further calculation

Need help on these areas

CREATE TABLE [dbo].[sample1](
code varchar(50) NULL,
[hashcol] varchar(100) NULL
) ON [PRIMARY]
GO

using 2012 VS and ADO .NET with sql server 2008

this is my table and trying to insert hashbyte data to hashcol column from csharp application

HOW TO GENERATE HASHBYTE VALUE FROM CSHARP ?

I have used this

public static byte[] SHA512(String plaintext)
{
  // convert the passPhrase string into a byte array
  ASCIIEncoding AE = new ASCIIEncoding();
  byte[] passBuff = AE.GetBytes(plaintext);

  SHA512Managed hashVal = new SHA512Managed();
  byte[] passHash = hashVal.ComputeHash(passBuff);

  return passHash;
}

need better guide/example
2)how to regenerate hashcol value automatically if some one changed existing record?
3) how to compare 2 values , both old and existing hashed values from database and csharp application

Hope for some guide since I'm new to these security measures

c#

Edited 9 Years Ago by sanjeewa.abeywardana

2 Contributors
1 Reply
190 Views
18 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by Ketsuekiame

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Ketsuekiame 860 Master Poster Featured Poster · Answer 1 · 2015-01-19T13:00:39+00:00

Ok so the only way this would really provide security is if you used some unknown password (referred to as salt) to generate the hashes. Otherwise, anyone would be able to modify the table and then generate the hash to make it look like it hadn't been tampered with.

Using a salt could be as simple as hardcoding a string into your application and appending it to your value that will be hashed.

...

string myVal = "ValueToBeHashed";
const string Salt = "asgG&T£$Juu";

string computeValue = String.Concat(myVal, Salt);
SHA512Managed hasher = new SHA512Managed();
byte[] hashValue = hasher.ComputeHash(computeValue);

...

Secondly, you don't want to make anything but your application be able to automatically compute the value. If you set your database to do it, then you don't gain anything in terms of security. This is because as soon as the offender updates the database, the database would recompute the hash value for them.

To compare the two, you simply need to perform the hash step again and perform a Array.SequenceEqual between the two hashed byte arrays.

I supposed I ought to point out that this won't help protect your database, but it will help discover evidence of tampering.