Can I concatenate a virtual column in a view?

Question

Unfortunately, I have plaintext passwords in a database. I want to pass these plaintext values around as little as possible for, say, comparisons and updates. To this end, I'm trying to create a view of my Users table that excludes the plaintext passwords and instead provides a hashed value of that password.

Here's my current SQL Server view, which doesn't work:

SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt
       HashBytes('SHA1', PasswordSalt + u.Password) AS PasswordHash
FROM dbo.Users AS u

I'd be happy to hear about alternatives to this approach, but otherwise the problem seems to be concatenating the virtual column PasswordSalt with.. anything. For instance, the following simple view works:

SELECT u.Login AS Column1, u.Login + 'b' AS Column2

but this one does not:

SELECT u.Login AS Column1, Column1 + 'b' AS Column2

The error I'm receiving from Management Studio is

Invalid column name 'Column1'.

Thanks in advance for any ideas about what I'm doing wrong!

Answer 1

The problem is occurring because the FROM clause of your statement indicates that the data to be selected comes from the Users table, but the SELECT part references a column named PasswordSalt. SQL Server cannot find a column with this name on the Users table, hence the error.

Alternative approach may be to generate the Salt in a subquery. For example

SELECT x.PasswordSalt,  HashBytes('SHA1', x.PasswordSalt + x.Password) AS PasswordHash FROM ( SELECT  CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt, Password FROM dbo.Users) x

Answer 2

What about

SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt 
       HashBytes('SHA1', CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) + u.Password) AS PasswordHash 
FROM dbo.Users AS u