Code Comments
Hi,

While talking to a technical advisor at my webhosts regarding some difficulties I was experiencing accessing the tables within MySql account, he was able to view and tell me all the information stored within the tables. Hmm I thought to myself. What if I want a table to store user names and passwords so that people can log in to a members area. The technical advisors would have direct access to all usernames and passwords. (Not a good idea!!) So I phoned them back and was told that there was a way of encrypting the info stored within a table so that its contents are displayed as hashes and/or asterisks. Is this the solution? If so, as a relative newbie to MySql and PHP how do I go about setting it all up?

Any help greatly appreciated

Regards
Dynamo

It's easy. Write some simple hashing (irreversible encoding) function and store hashed passwords instead of plain text passwords. This way restoring passwords from DB will be almost impossible (if one does not know hashing function) or very time consuming (if one knows the hashing function).
Only way to check if user gave correct password is to hash it and compare it with hash stored in DB.
This method has some flaws: you can't give user his password if he forgets it (you may only generate him a new one, or let him do it himself after some alternate authentication).

Hash function example (based on MD5 hash function):

<?php

// Hash a password for storage: MD5 over the reversed password wrapped in
// two fixed modifier strings, with the resulting hex digest reversed.
function hash_password( $password )
{
    return strrev( md5( 'my_first_modifier' . strrev( $password ) . 'my_second_modifier' ) );
}

// Hash the submitted password the same way and compare it with the stored hash.
function check_password( $password, $hash_from_db )
{
    return (hash_password( $password ) === $hash_from_db);
}

?>

Hilarion
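
An added example, not part of Hilarion's post or of the thread: the same hash-and-compare idea using PHP's built-in password_hash() and password_verify(), which add a random per-user salt and a deliberately slow algorithm, with rows stored under the scheme above upgraded on the next successful login. It assumes PHP 7.1 or later; the $users array stands in for the MySQL table, and the names legacy_hash, store_password and check_login are hypothetical.

```php
<?php
// The thread's scheme, kept only so rows stored with it can still be checked.
function legacy_hash(string $password): string
{
    return strrev(md5('my_first_modifier' . strrev($password) . 'my_second_modifier'));
}

// New rows: password_hash() picks a random salt per call and embeds it,
// together with the algorithm and cost, in the string it returns.
function store_password(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// True on a correct password; a legacy or outdated hash is replaced on success.
function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    // Strings not produced by password_hash() are reported as 'unknown'.
    $isLegacy = password_get_info($stored)['algoName'] === 'unknown';
    $ok = $isLegacy
        ? hash_equals($stored, legacy_hash($password))   // constant-time compare
        : password_verify($password, $stored);
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample data: $users stands in for the MySQL table
// (hypothetical layout: user name => stored hash).
$users = ['dynamo' => legacy_hash('s3cret-example')];
store_password($users, 'alice', 'correct horse');

var_dump(check_login($users, 'dynamo', 'wrong'));           // legacy row, wrong password
var_dump(check_login($users, 'dynamo', 's3cret-example'));  // legacy row, correct password
var_dump(password_get_info($users['dynamo'])['algoName']);  // algorithm of the row after login
var_dump(check_login($users, 'alice', 'correct horse'));    // row created with password_hash()
```

The PHP manual recommends a 255-character column for the stored value, since the output of PASSWORD_DEFAULT can grow when the default algorithm changes.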

In article <cnnnfm$7el$1@news.onet.pl>, Hilarion says...
>
>It's easy. Write some simple hashing (irreversible encoding) function and store hashed passwords instead of plain text passwords. This way restoring passwords from DB will be almost impossible (if one does not know hashing function) or very time consuming (if one knows the hashing function).
>Only way to check if user gave correct password is to hash it and compare it with hash stored in DB.
>This method has some flaws: you can't give user his password if he forgets it (you may only generate him a new one, or let him do it himself after some alternate authentication).
>
>Hash function example (based on MD5 hash function):
>
><?php
>
>function hash_password( $password )
>{
>    return strrev( md5( 'my_first_modifier' . strrev( $password ) . 'my_second_modifier' ) );
>}
>
>function check_password( $password, $hash_from_db )
>{
>    return (hash_password( $password ) === $hash_from_db);
>}
>
>?>
>
>
>Hilarion
>

Thank you. I'll give it a try

Dynamo

Dynamo wrote:
> In article <cnnnfm$7el$1@news.onet.pl>, Hilarion says...
>
> Thank you. I'll give it a try
>
> Dynamo

Check out the MD5 Function as well.

J

On Sun, 21 Nov 2004 02:16:15 -0600, JAS wrote:
> Check out the MD5 Function as well.

You could also use one of MySQL's encryption functions:
http://dev.mysql.com/doc/mysql/en/E..._functions.html