How do you encrypt certain fields of a MySQL database?

dude8604

Platinum Member
Oct 3, 2001
I'm working on a signup PHP script that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.
 

Ameesh

Lifer
Apr 3, 2001
You can use PHP to encrypt and then store in the DB; you can use their login as an initialization vector and their password as a key.
 

yllus

Elite Member & Lifer
Aug 20, 2000
Originally posted by: dude8604
I'm working on a signup PHP script that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.

When writing the password to the database (using an INSERT or maybe an UPDATE statement), use the MySQL PASSWORD function to encrypt that text. An example of usage:


INSERT INTO table VALUES
('username', PASSWORD('password'), 'someone@somewhere.com');


Simple, neh? Remember though that this is one-way encryption; there is no way to retrieve the clear text version of the password once it's been written. At that point, to verify, for example, if a user is logging in with the correct password, take a password in, run the MySQL PASSWORD function on what the user has supplied and compare that encrypted text to the encrypted password saved to the database. There you go, your password verification scheme.
 

GagHalfrunt

Lifer
Apr 19, 2001
Originally posted by: dude8604
I'm working on a signup PHP script that stores passwords. I want them to be encrypted. Is there a way to encrypt the passwords in the database and allow a login script to have access to it? Thanks.

If you want to encrypt passwords, use the simple PHP md5 command like:
$encrypted_pw = md5("$password");

A word of advice: if you're storing information like credit card numbers, then encrypt it. If you're just storing passwords for a forum log-in or something simple like that, don't encrypt at all. Anything that's securely encrypted can't be decrypted, so if a person forgets a password it can't be retrieved and sent out. You'd need to go through the hassle of resetting it entirely, having the person log in with a temp password and giving them a method to change it back.
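
The store-a-one-way-hash, re-check-at-login scheme discussed in this thread, as an added example that is not part of any poster's message. It swaps in PHP's password_hash() and password_verify() (salted and deliberately slow) in place of MD5 or the MySQL PASSWORD function, which are fast and unsalted. Assumptions: an in-memory SQLite database through PDO stands in for MySQL so the script runs offline, and the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in for the MySQL connection (assumption): in-memory SQLite via PDO.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, pw_hash VARCHAR(255) NOT NULL, email VARCHAR(255) NOT NULL)');
// Hash that is verified against when the user does not exist (see login()).
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Signup: store only a salted, slow hash; the clear text is never written.
function signup(PDO $db, string $user, string $password, string $email): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash, email) VALUES (?, ?, ?)');
    $stmt->execute([$user, $hash, $email]);
}

// Login: fetch the stored hash and let password_verify() redo the hashing
// with the salt and cost embedded in it, then compare in constant time.
function login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH); // same work for unknown users
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

// Constructed sample data: correct password, wrong password, unknown user.
signup($db, 'alice', 'correct horse battery staple', 'alice@example.com');
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong guess'));
var_dump(login($db, 'nobody', 'anything'));
```

Because each stored hash carries its own random salt, two users with the same password get different pw_hash values, so the comparison has to go through password_verify() rather than an equality test in the SQL query.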