[Gambas-user] Crypt/Decrypt
ron
ronstk at ...239...
Thu Jan 19 18:09:37 CET 2006
On Thursday 19 January 2006 17:12, nando wrote:
> MD5 isn't used to decrypt.
> It's used to encrypt...one way only.
> For security and passwords: ** Do NOT ** compare decrypted secrets.
> Always compare encrypted secrets.
> When you make databases with passwords, you do not want to know
> passwords...store them encrypted and process with them encrypted.
> When passwords are forgotten, reset them to something.
> -Fernando
>
>
>
INSERT Name,LastName,HasAccess INTO Users VALUES("Rohnny","Stormo",true);
User logs in and give password
For MySQL
SELECT users.LastName, users.HasAccess FROM Users WHERE Name='Rohnny' AND passwrd=PASSWORD(thegivenpassword);
If record count=1 then he is known and the 'HasAccess' meaning should be clear to understand
or
SELECT passwrd FROM users WHERE name="Rohnny";
and use this
if MD5(thegivenpassword)= RESULT.Passwrd.value
and not this
if thegivenpassword = decript(RESULT.Passwrd.value)
and the best is to execute the query in nect line to get encodedpass
encodedpass = mysql_query("SELECT PASSWORD(thegivenpassword);")
if encodedpass = RESULT.Passwrd.value
This way encoding method of MySQL is almost always correct
btw:
Apache htpasswrd uses MD5 at Win... and Cript at Linux,
MySQL maybe does the same.
The 3 example catch this.
Ron
More information about the User
mailing list