 |
 |
Find a programming school near you
php3-list | 199908
Date: 08/01/99
- Next message: Bryan Batchelder: "[PHP3] PHP Web based admin tool"
- Previous message: Henrik Johansson: "Re: [PHP3] Incremental strings?"
- In reply to: William Wan: "[PHP3] 2 way encrypt/decrypt function in PHP3?"
- Next in thread: Steve Lianoglou: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Steve Lianoglou: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello William,
On 01-Aug-99 06:53:48, you wrote:
>Is there any way to encrypt and decrypt a string in PHP3? We want to encrypt
>our user password and some sensitive information before saving it to the
>database but we need to pull it back for processing at a later time.
Processing? What kind of processing?
Once stored an encrypted version of a password I don't think you should
ever need to decrypt it. If you want to match it against what the user
entered, just encrypt that the same way and compare the encrypted versions.
To reduce the chances of having someone guessing what the password of the
user is by looking at the database and comparing it with the encrypted password
of some other user with a known password, you should use a random salt
prefix that would be used to encrypt the password and would be stored in
the database.
The encrypted password would be something like:
salt+encrypt(salt+password)
You may use the Unix crypt function but since the underlying algorithm
(typically DES) is not assured to be the same, you'd better user a more
standard one-way algorithm like md5().
In pages that take passwords from forms, I usually try to encrypt the
passwords before submiting using md5() as long as the user's browser is
Javascript enabled. This doesn't prevent an hacker with a sniffer to
intercept the data submitted in the form, but at least prevents him to know
what the password is in clear text.
You may see an example of this using a PHP class that I wrote and you
may find at:
http://phpclasses.UpperDesign.com/browse.html?package=1
Regards,
Manuel Lemos
Web Programming Components using PHP Classes.
Look at: email protected>?subject=Re:%20[PHP3]%202%20way%20encrypt/decrypt%20function%20in%20PHP3?&replyto=1820.882T2590T7785315mlemos <email protected>">mlemos <email protected>">http://phpclasses.UpperDesign.com/?user=mlemos <email protected>
-- E-mail: mlemos <email protected> URL: http://www.mlemos.e-na.net/ PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp ---- PHP 3 Mailing List <http://www.php.net/> To unsubscribe, send an empty message to php3-unsubscribe <email protected> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected> To search the mailing list archive, go to: http://www.php.net/mailsearch.php3 To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Bryan Batchelder: "[PHP3] PHP Web based admin tool"
- Previous message: Henrik Johansson: "Re: [PHP3] Incremental strings?"
- In reply to: William Wan: "[PHP3] 2 way encrypt/decrypt function in PHP3?"
- Next in thread: Steve Lianoglou: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Steve Lianoglou: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
