We are running a database driven web site with thousands of registered users.
I would like to know what the industry standard /best practices are with respect to password protection. We have a SQL 2000 DB running on W2K server, and one of the tables in the DB stores the user ids and passwords.
How secure is this data and how can we protect this from hackers ? Can we store the data in encrypted form ? Does SQL Server / W2K have any security features that can help us ?
Caution: I'm far from an expert! A good start may be your W2K help file, look under "encryption, best practices." The EFS (Encrypted File System) may be what you're looking for. Also, this forum [winnetmag.com] is on topic and fairly active. Lastly, my apologies... This is the second time today that I suggested you try a different forum. My intent is that others here at WebmasterWorld will see your questions floated to the top of the active list and be able to offer some help. If not, at least you have some places to dig further.