I have a table in which the userpassword field have varbinary datatype, So I'm confused that in which form should I save the data into userpassword field because when I save varchar data it gave me error.
A varbinary
column can store anything. To store a string in it, you'd have to cast it to varbinary
:
declare @t table (id int identity, pwd varbinary(50))
insert into @t (pwd) values (cast('secret' as varbinary(50)))
But for a password, a varbinary
column usually stores a hash of some kind. For example, a SHA1 hash using the HashBytes
function:
insert into @t (pwd) values (HashBytes('sha1', 'secret'));
Storing a one-way hash instead of the real password is more secure. You can check if the password matches:
select * from @t where pwd = HashBytes('sha1', 'secret')
But there is no way you can retrieve the password by looking at the table. So only the end user knows his password, and not even the DBA can retrieve it.