encryptionkey-storage

Where to store the key for encrypting and decrypting password


I have a table storing the login info, such as loginID, password, logTime, ... I create 2 stored procedures: one to encrypt and another to compare the password. Encrypting and comparing the password need a key. I'd like to know where I should keep the key. If I put it in the stored procedures or in my application, my development team will be able to see it. And I want to know the best practices in keeping the key. Please advise.

Thank you.


Solution

  • You need to hash passwords, not encrypt them. Then you won't need a key at all.

    Regardless of where you store the password, it can ultimately be found. So if you want to hide it from other developers, it won't work.