Possible Duplicate:
Preferred Method of Storing Passwords In Database
My problem is similar to this one discussed here: Best way to store password in database
I need to store passwords of external FTP logins in the database which will be used by the application. The solution of the linked topic is not applicable because it’s hashing the password.
I’m using C# and connecting to a SQL Server 2008. Does someone has an example solution? I think I just have to encrypt the password, store it in ecrypted form and if the application wants to use the password -> decrypt.
The best way of storing passwords is using a strong hash function, however, as in your case here you sometimes need to pass an unencrypted string to a 3rd-party library or service.
In this case I would use the strongest cipher (so you can reverse it) algorithm you could.
Always use a well-known, trusted and well-tested 3rd-party library for your encryption needs, it’s far to easy to this wrong unless you’re an expert in the field of encryption.
Since version 2005, SQL Server has had built-in hashing functions (direct in T-SQL) so may have built-in cipher functions as well, see T-SQL cryptographic functions for details and examples.
For FTP use it’s worth seeing if the FTP site supports secure FTP (FTPS) or FTP over SSH, note these are both different from SFTP which is not related to FTP except that it does the same job.
See FTP on Wikipedia.