On 06/04/07 17:54, Guy Rouillier wrote:
> Ranieri Mazili wrote:
>> Hello,
>>
>> I need to store users and passwords in a table and I want to store them
>> encrypted, but I haven't found documentation about it. How can I create
>> a table with columns "user" and "password" with column "password"
>> encrypted, and how can I check if "user" and "password" are correct
>> using an SQL query?
>
> Many people consider two-way encryption to be insecure; two-way
> encryption means you can decrypt a value if you know the key, and it is
> insecure because you usually have to put the key into the source code.
> That means at least one person in your company, the programmer
> maintaining the source code, can learn all of your users' passwords.
Two-way encryption is needed for companies that store customer
credit cards.
But yes, I've always worried about that.
> One
> way around that is to hash the value instead. Then to validate, at
> runtime you hash the user-entered password using the same hash function,
> and validate that it matches the stored hash. No one in your company
> ever knows end-user passwords.
>
--
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!