how to hide (encrypt) password in table ?

  • Nitya Kumar
    New Member
    • Mar 2012
    • 6

    how to hide (encrypt) password in table ?

    Please give me an example. This is my code, but it shows the password in the table.

    Code:
    -- TABLE CREATION
    
    CREATE TABLE `test`.`pass_test` (
    `user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    `passwd` VARCHAR( 40 ) NOT NULL
    ) ;
    
    <?php 
    
    //PHP CODE
    
    if(isset($_POST['submit']))
    {
    	$conn= mysql_connect("localhost","root","");
    if ($conn)
      {
    	  $password=$_POST['password'];		 
    	  mysql_query("insert into `test`.`pass_test` set
    	  `passwd`='$password'")or die("error"); 
    	  
      } 
    }
    ?>
    //HTML CODE...
    Code:
    <html>
    <body>
    <form name="first" method="post" action="">
    <input type="password" name="password" />
    <input type="submit" name="submit" value="Submit" />
    </form>
    </body>
    </html>
    Last edited by PsychoCoder; Apr 1 '12, 05:40 PM. Reason: Code tags added
  • PsychoCoder
    Recognized Expert Contributor
    • Jul 2010
    • 465

    #2
    If you look at this line you're not encrypting anything, just adding it to the database

    Code:
    `passwd`='$password'"
    I would use md5 to encrypt it before sending it to the database

    Code:
    `passwd`=md5('$password')"
    NOTE: You're adding data from the users without cleaning it or anything, making it wide open for SQL Injection attacks and more. I would sanitize the data using mysql_real_escape_string

    Comment

    • Nitya Kumar
      New Member
      • Mar 2012
      • 6

      #3
      Thanks, thank you very much.

      Comment

      • Bharat383
        New Member
        • Aug 2011
        • 93

        #4
        Use base64_encode($password) to encrypt and use base64_decode to get the real password string.

        When you use the base64_encode() function you will get an encrypted password string stored in the table, then no one gets any idea what your password is. And when you want to retrieve your original password, use base64_decode().

        If you use MD5() then in future you have no chance to retrieve your original password...

        Bharat Parmar (Bharat383)

        Comment

        • Rabbit
          Recognized Expert MVP
          • Jan 2007
          • 12517

          #5
          Never use a reversible encryption to store passwords. Use the MD5 hash. There is no reason to ever need to retrieve the original password.

          Comment

          • johny10151981
            Top Contributor
            • Jan 2010
            • 1059

            #6
            Agreed with Guru Rabbit.
            To Bharat:
            The purpose of a secure password is not to get stolen. What if somehow someone stole the entire database? It can happen. What if the engineer takes a copy of the table with him when he leaves the company? He has all the user names and passwords.

            To PsychoCoder: which one would be better, using the MD5 function or using the PASSWORD function? What is the difference?

            Comment

            • Dormilich
              Recognized Expert Expert
              • Aug 2008
              • 8694

              #7
              which one would be better, using the MD5 function or using the PASSWORD function? What is the difference?
              (though I’m not PsychoCoder)

              neither. PASSWORD() is an internal MySQL function for account management while MD5() is insecure (you can easily find a collision). I would recommend RIPEMD160, SHA256 or Whirlpool coupled with a HMAC salt (cf. hash_hmac())

              Comment

              • johny10151981
                Top Contributor
                • Jan 2010
                • 1059

                #8
                This is interesting, I would take a closer look at it.

                Comment
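
Added example, not part of the thread and not any poster's code: storing a salted one-way hash through a parameterized query, which covers both the plaintext storage and the SQL injection raised in #2. It swaps in PHP's built-in password_hash()/password_verify() for the hash functions named in the posts; the in-memory SQLite database (standing in for MySQL), the widened `passwd` column and the function names store_password/check_password are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: PHP 5.5+ with the
// pdo_sqlite extension; an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// passwd is widened from VARCHAR(40): a bcrypt hash is 60 characters and
// the PHP manual recommends 255 so that future algorithms also fit.
$db->exec('CREATE TABLE pass_test (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    passwd  VARCHAR(255) NOT NULL
)');

// Store only a salted one-way hash, bound as a parameter (no string
// concatenation, so the input cannot change the SQL statement).
function store_password(PDO $db, $password)
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO pass_test (passwd) VALUES (:hash)');
    $stmt->execute(array(':hash' => $hash));
    return (int) $db->lastInsertId();
}

// Check a login attempt against the stored hash; the salt is embedded in
// the stored value and the original password is never recovered.
function check_password(PDO $db, $userId, $attempt)
{
    $stmt = $db->prepare('SELECT passwd FROM pass_test WHERE user_id = :id');
    $stmt->execute(array(':id' => $userId));
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($attempt, $hash);
}

// Constructed sample input, including a quote character that would break
// the concatenated INSERT from the first post.
$id = store_password($db, "pa'ss word");
$stored = $db->query('SELECT passwd FROM pass_test')->fetchColumn();

var_dump($stored !== "pa'ss word");                // is the stored value different from the password?
var_dump(check_password($db, $id, "pa'ss word"));  // correct password
var_dump(check_password($db, $id, 'wrong guess')); // wrong password
```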
