
Perl Server Side CGI Scripting Forum

    
How to encrypt/decrypt passwords using MySQL & Perl
navdeeptalwar




msg:444497
 8:29 am on Jul 14, 2003 (gmt 0)

I had saved the passwords which the user had entered on registration in MySQL using the password() function of MySQL. But I am not able to compare it when the user tries to logon.
Are there any other methods of encrypting and decrypting values at server side?

 

Robber




msg:444498
 9:47 am on Jul 14, 2003 (gmt 0)

Hi and welcome to WW,

Rather than encrypting and decrypting you probably just want to store the encrypted version. When someone logs on, encrypt their password using the same function and compare the encrypted string to the one you have in your DB.

Cheers

hakre




msg:444499
 9:49 am on Jul 14, 2003 (gmt 0)

hi navdeeptalwar, welcome to webmasterworld [webmasterworld.com].

it's always a good thing to take a look in the manual first:
PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.

nevertheless i found an example [weberdev.weberdev.com] of someone who is using this function for password verification.

- hakre.

DrDoc




msg:444500
 6:50 am on Jul 19, 2003 (gmt 0)

Welcome to Webmaster World!

To be frank - you do not want to decrypt a password. Even if you had a working solution, it would greatly harm your security.

Instead, follow Robber's suggestion.

The crypt function would work really well. The following solution uses the first two letters of the password as salt. Finally, it only returns the last 11 characters (since the first two are the salt as plain text):

$cryptpwd = substr(crypt($pwd,substr($pwd,0,2)),2);

Now, store this value in your database. When someone logs in, simply encrypt the password the same way and compare it to the database value.
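
The store-and-compare flow described in the replies above, as an added example that is not part of any poster's message: it uses crypt() with a random per-user salt that stays inside the stored string, rather than a salt taken from the password. The `$6$` salt prefix (SHA-512 crypt, as supported by glibc), `/dev/urandom`, the sample account, and the `%users` hash standing in for the MySQL table are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the MySQL users table: username => stored hash.
my %users;

# Build a crypt(3) salt from 12 random bytes. The "$6$" prefix selects
# SHA-512 crypt, which is an assumption about the platform (glibc has it).
sub new_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($fh, my $raw, 12) == 12 or die "short read from /dev/urandom";
    close $fh;
    my @alphabet = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # 64 symbols
    return '$6$' . join('', map { $alphabet[ord($_) % 64] } split //, $raw) . '$';
}

# Registration: hash once with a fresh salt and store only the result.
sub hash_password {
    my ($password) = @_;
    my $salt = new_salt();
    my $hash = crypt($password, $salt);
    # A crypt() without "$6$" support silently falls back or fails; refuse that.
    die "crypt() does not support this salt format here\n"
        unless defined $hash && index($hash, $salt) == 0;
    return $hash;
}

# Login: re-hash the submitted password using the stored string as the salt
# (crypt reads the scheme and salt from its prefix) and compare the results.
sub verify_password {
    my ($password, $stored) = @_;
    return 0 unless defined $stored && length $stored;   # unknown user
    my $candidate = crypt($password, $stored);
    return 0 unless defined $candidate && length($candidate) == length($stored);
    # Compare every byte instead of stopping at the first difference.
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

$users{alice} = hash_password('correct horse');   # constructed sample account
for my $try (['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']) {
    my ($user, $pw) = @$try;
    printf "%-7s %-14s %s\n", $user, $pw,
        verify_password($pw, $users{$user}) ? 'ok' : 'denied';
}
```

Because the salt travels inside the stored string, the database needs only one column for it, and two users with the same password get different stored values.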
