I have a table in the SQL database called 'pur_users' with all the user information including a field call IDCode. If you were to look at this field all you would see is jibberish that makes no sense.

I have a program that decodes this to an english word, and encodes it as well. The program uses a master password that is actually in the program itself, and it and the user's password are mashed together to form the encoded field. It's not the most sophisticated method, but it works, and if someone opens the table it doesn't matter, they can't see the passwords for a user.

I suspect that there are better ways of doing this if you really need more security, like hash tables or PGS, but for my application this will suffice since no one has access to the SQL server itself except for the administrators who would have to know the encoding/decoding algorithm.

But this is for a purchasing application, and if anyone wants to purchase anything they have to go through a complicated checks and balances process anyway, involving supervisor approval, and an accounting department that does the paying, and also our fine internal auditing people are always on top of everything.

Does this answer your question?

CU