Home/ Questions/Q 342071
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T10:46:07+00:00

How could i create a trigger that at any insertion on my table [users]

  • 0

How could i create a trigger that at any insertion on my table [users] will change automatically the content of its [password] field to its MD5 hash?

Ps: I do not want this being done at client side.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    SQL 2005 has HASHBYTES which will do what you want: http://msdn.microsoft.com/en-us/library/ms174415.aspx

    Just fire a trigger on UPDATE and INSERT using that function around your password and you have avoided storing plain text passwords. Better: write a stored procedure that does the hash and is used to update passwords. (This avoids the overhead of a trigger, which I avoid like the plague unless nothing else will do.)

    Here is an example I just hacked up:

    create table TestTrigger2 (
TestTriggerID int not null identity(1,1),
Hashed binary(50),
PasswordProxy nvarchar(50)
)

--select HashBytes('MD5', N'This string')

create trigger HashPass2 on TestTrigger2
instead of insert
as 
begin
  insert into TestTrigger2 (Hashed)
    select HashBytes('MD5', '@!98ABc'+PasswordProxy) from inserted
end

insert into TestTrigger2
(PasswordProxy)
values
('My password' )

select *
from TestTrigger2

    When you look at the result of the final query, you will note that PasswordProxy is NULL (it is just there to make a string usable for input) and the Hashed with have the hashed value. The garbage prepended to the PasswordProxy is a salt to avoid the rainbow attack mentioned (it will make your password hashes different from just hashing the base string). Pick something longer and of your own creation.

    • 0