Friday, March 9, 2012

Encrypt password field

hello guys! i have a question hope you'll help me..how can i encrypt the data that is stored in my password field everytime i insert value to it and decrypt it if i want to retrieve it? thanks in advance!!I dont think you can in simple SQL. BUT some vendors (like Oracle) provide with functions specifically for that. E.g If you use Oracle 10g, you can use the Encrypt function, dbms_crypto...etc.

if you do use oracle 10g, here is a good link for that:

Mysql has a far simpler and equally powerful Encrypt function. just check out the manual if you do use Mysql.

or here is the link:

http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

good luck|||Im sorry, somehow the link didnt show up. Here it is if you use 10g:

http://www.oracle.com/technology/pub/articles/oracle_php_cookbook/ullman_encrypt.html|||daimous, looking at all your other posts, i'm going to guess that you are using microsoft sql server, and therefore move this thread to that forum|||... in which case this will probably interest you :D

http://www.dbforums.com/showthread.php?t=1217730|||hello guys! i have a question hope you'll help me..how can i encrypt the data that is stored in my password field everytime i insert value to it and decrypt it if i want to retrieve it? thanks in advance!!
If you are decrypting passwords, you don't understand how they are supposed to be used. Passwords should not need to be decrypted.|||i need to decrypt my password from my database since i encrypted it before storing it to my database, in the first place. So before i can get the "REAL" password i need to decrypt it..right? well anyway, can i get some more inputs..|||i need to decrypt my password from my database since i encrypted it before storing it to my database, in the first place. So before i can get the "REAL" password i need to decrypt it..right?
Wrong.

You encrypt your password using some algorithm and store the results in the database.
When your user logs in with a password, thier password is encrypted using the same algorithm. If the results match what is stored in the database, the user's login is verified.

You can write a sproc to encrypt the submitted password and return success or failure after comparing to the stored encryption string.

Thus there is no need to decrypt passwords.
Posted by symbo at 1:43 AM
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)