Author Encrypting data in tables
Dynamo

2004-11-20, 3:56 pm

Hi,

While talking to a technical advisor at my webhosts regarding some difficulties
I was experiencing accessing the tables within MySql account, he was able to
view and tell me all the information stored within the tables.

Hmm I thought to myself. What if I want a table to store user names and
passwords so that people can log in to a members area. The technical advisors
would have direct access to all usernames and passwords. (Not a good idea!!) So
I phoned them back and was told that there was a way of encrypting the info
stored within a table so that its contents are displayed as hashes and/or
asterisks.

Is this the solution?

If so, as a relative newbie to MySql and PHP how do I go about setting it all
up?

Any help greatly appreciated

Regards
Dynamo

Hilarion

2004-11-20, 3:56 pm

It's easy. Write some simple hashing (irreversible encoding) function and store hashed
passwords instead of plain text passwords. This way restoring passwords from DB will
be almost impossible (if one does not know the hashing function) or very time consuming
(if one knows the hashing function).
The only way to check if the user gave the correct password is to hash it and compare it
with the hash stored in DB.
This method has some flaws: you can't give a user his password if he forgets it (you may
only generate him a new one, or let him do it himself after some alternate authentication).

Hash function example (based on MD5 hash function):

<?php

// Returns the value to store in the DB in place of the plain text password.
function hash_password( $password )
{
    return strrev( md5( 'my_first_modifier' . strrev( $password ) . 'my_second_modifier' ) );
}

// Hashes the submitted password the same way and compares it with the stored hash.
function check_password( $password, $hash_from_db )
{
    return (hash_password( $password ) === $hash_from_db);
}

?>


Hilarion
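
An added example, not part of Hilarion's post or of the thread: the same store-and-compare approach written with PHP's built-in password_hash() and password_verify(), which give every password its own random salt and a tunable work factor, plus a check that re-hashes rows written by the function above at the next successful login. It assumes PHP 5.6 or later; legacy_hash(), store_password(), verify_and_upgrade() and the sample passwords are names and values constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.6+.

// The thread's scheme, kept only so rows it already wrote can still be checked.
function legacy_hash($password)
{
    return strrev(md5('my_first_modifier' . strrev($password) . 'my_second_modifier'));
}

// New rows: random per-password salt and a tunable work factor.
function store_password($password)
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt. Returns array($ok, $newHash); $newHash is non-null
// when the caller should overwrite the stored value with it.
function verify_and_upgrade($password, $stored)
{
    // Legacy rows are exactly 32 hex characters (a reversed MD5 digest).
    if (preg_match('/\A[0-9a-f]{32}\z/', $stored)) {
        $ok = hash_equals($stored, legacy_hash($password));
        return array($ok, $ok ? store_password($password) : null);
    }
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return array(true, $stale ? store_password($password) : null);
}

// Constructed sample values below.
// Hash one password twice under each scheme and compare the results.
var_dump(store_password('correct horse') === store_password('correct horse'));
var_dump(legacy_hash('correct horse') === legacy_hash('correct horse'));

// A row written by the old scheme verifies and comes back re-hashed.
list($ok, $upgraded) = verify_and_upgrade('correct horse', legacy_hash('correct horse'));
var_dump($ok, password_verify('correct horse', $upgraded));

// A wrong password against a new-style row is rejected with nothing to store.
list($ok, $upgraded) = verify_and_upgrade('wrong guess', store_password('correct horse'));
var_dump($ok, $upgraded);
```

The password column needs room for the longer values password_hash() produces; the PHP manual recommends 255 characters.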


Dynamo

2004-11-20, 3:56 pm

In article <cnnnfm$7el$1@news.onet.pl>, Hilarion says...
>
>It's easy. Write some simple hashing (irreversible encoding) function and store hashed
>passwords instead of plain text passwords. This way restoring passwords from DB will
>be almost impossible (if one does not know the hashing function) or very time consuming
>(if one knows the hashing function).
>The only way to check if the user gave the correct password is to hash it and compare it
>with the hash stored in DB.
>This method has some flaws: you can't give a user his password if he forgets it (you may
>only generate him a new one, or let him do it himself after some alternate authentication).
>
>Hash function example (based on MD5 hash function):
>
><?php
>
>// Returns the value to store in the DB in place of the plain text password.
>function hash_password( $password )
>{
>    return strrev( md5( 'my_first_modifier' . strrev( $password ) . 'my_second_modifier' ) );
>}
>
>// Hashes the submitted password the same way and compares it with the stored hash.
>function check_password( $password, $hash_from_db )
>{
>    return (hash_password( $password ) === $hash_from_db);
>}
>
>?>
>
>
>Hilarion
>
>

Thank you. I'll give it a try

Dynamo

JAS

2004-11-21, 8:55 am

Dynamo wrote:
> In article <cnnnfm$7el$1@news.onet.pl>, Hilarion says...
>
>
> Thank you. I'll give it a try
>
> Dynamo
>


Check out the MD5 Function as well.

J

Vigil

2004-11-21, 3:57 pm

On Sun, 21 Nov 2004 02:16:15 -0600, JAS wrote:

> Check out the MD5 Function as well.


You could also use one of MySQL's encryption functions:
http://dev.mysql.com/doc/mysql/en/E..._functions.html


Copyright 2008 codecomments.com