Asked By
Brian
120 points
Posted on - 05/01/2011
Hi all,
I have created a database using MySQL, and in the password fields all the passwords are visible. When the database is dumped, all the passwords, including the administration passwords, can be viewed in the file. How can I hide the passwords using PHP?
Answered By
AkashED
0 points
#88482
Encrypting the passwords in a database
There is a simple procedure for doing it: encrypt the passwords using MD5 and put them into the database. It will restrict viewing of the passwords by third parties, and it is not possible to break the code and retrieve the password. Try applying the method using the built-in function md5().
Answered By
asiri
0 points
#88483
Best practice is to store passwords only after encrypting them. It will increase the security of the system. In PHP, passwords can be encrypted easily using the function md5. For example:
md5($_POST['password'])
For further details on md5 refer to http://php.net/manual/en/function.md5.php
Answered By
Brian
120 points
#88484
Thank you. I tried the function and it changes the passwords to some digits. By the way, what is md5? Is it possible to regenerate the password?
Answered By
asiri
0 points
#88485
MD5, meaning Message-Digest 5, is not actually an encryption technology. It is a cryptographic hash function which performs mathematical functions on data. In encryption, data or a file is changed using an algorithm with the use of a key, and it is possible to convert the data back into its normal form by reversing the algorithm using the same key.
But in MD5 the mathematical functions are performed on the data to create a hash value, and it is not reversible. MD5 is widely used for applying security to data.
There is some "decryption" going on with MD5, but it is not actually decryption. They keep a database of the data and the resulting hashes. Once you give them a hash, they search the database and, if a match is found or by assuming a match, they give the result. But those values are not accurate.
Answered By
AkashED
0 points
#88487
MD5 or Message-Digest 5 is a reliable and widely used cryptographic function. It creates a unique value by performing functions on the data. MD5 is a one-way ticket: once it is encrypted, it is not possible to decrypt it.
Answered By
Brian
120 points
#88489
If it is not possible to decrypt the data, how could I verify the passwords?
Answered By
asiri
0 points
#88491
Brian,
It is quite simple. You must be aware that MD5 generates a unique hash for a given string. This means:
$password = "as1561v1";
md5("as1561v1") === md5($password); // true: the same input always gives the same hash
Therefore you can verify the password by generating the MD5 hash of the password entered by the user. Just refer to the following SQL statement.
$stmt = $pdo->prepare("SELECT * FROM msgms_users WHERE username = ? AND password = ?"); // $pdo: an open PDO connection (assumed)
$stmt->execute([$username, md5($password)]); // values are bound as parameters, not concatenated into the SQL
I think you will understand how it has been done. If you have any problems, don't hesitate to ask and I will provide you with the full code if necessary.
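Added example, not part of the original thread: the login check described above, written with PHP's password_hash() and password_verify() (salted, deliberately slow hashes) and bound query parameters, and upgrading stored unsalted md5() values on the next successful login. The in-memory SQLite database, the two-column table layout and the sample accounts are constructed assumptions; only the table name msgms_users and its username/password columns come from the thread.

```php
<?php
// Added example: the SQLite in-memory DB and table layout are assumptions for a self-contained run.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE msgms_users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

function register(PDO $pdo, string $username, string $password): void
{
    // password_hash() picks a random salt and stores it, with the cost, inside the result.
    $stmt = $pdo->prepare('INSERT INTO msgms_users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameters keep user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM msgms_users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // A value of exactly 32 hex characters is treated as a legacy unsalted md5() row.
    $legacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $legacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);
    // Re-hash legacy or outdated entries while the plaintext is available.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE msgms_users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $ok;
}

// Constructed sample data: one new account and one legacy MD5 row.
register($pdo, 'alice', 'correct horse');
$pdo->prepare('INSERT INTO msgms_users VALUES (?, ?)')->execute(['brian', md5('as1561v1')]);

var_dump(login($pdo, 'alice', 'correct horse')); // correct password
var_dump(login($pdo, 'alice', 'wrong guess'));   // wrong password
var_dump(login($pdo, 'brian', 'as1561v1'));      // legacy row, upgraded on success

// After the upgrade the stored value is a password_hash() string, no longer an MD5 digest.
$row = $pdo->query("SELECT password FROM msgms_users WHERE username = 'brian'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);
```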
Answered By
Brian
120 points
#88492
Thank you very much for helping me out.