Masking Passwords in the Database???

[bentleygt]

I want to be able to mask the passwords once they are stored in the database. Right Now they are masked on the user screen, but after they are stored in the database you can see was the password is.

Can the text be stored as ***'s in the Database?
If so how can you do this? Would this be a PB function or is this a database specific function?

If they can be stored as ***'s in the database, then how can you know exactly what the password is?

Is what I'm asking, normally done in practice?

I'm using PB6.5 and SqlAnywhere 8 and MSSQL Server 7

 

[mbalent]

An easy way to prevent casual listing of passwords is to have a table which is not accessable by any public group. You would then retrieve the data via a stored procedure which accesses the table using an ID which has been granted access.

You can also come up with some simple substitution algorithm to change the password to some other string which is stored.