meenakshidhar
Programmer
hi friends...
i want to store my password in encrypted form in SQL server database..
Regards
Meenakshi Dhar
i want to store my password in encrypted form in SQL server database..
Regards
Meenakshi Dhar
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
encrypted password
- Thread starter meenakshidhar
- Start date
- Status
There are components that will encrypt/decrypt text. If you don't need to decrypt passwords and security is your objective, then do a hash (checksum) of the password and store that. MD5 checksum is one example. When the user want to login, in your ASP page, you do a checksum of the password and compare the checkum to the value stored in the DB. This way, you don't have to store the admin password to encrypt/decrypt on the server.
Hope this helps.
Hope this helps.
- Thread starter
- #3
Ok, get a free MD5 component from here:
When the user registers, do an MD5 checksum on the password they selected (or you provided from them). Example:
Dim objMD5, strMD5
Set objMD5 = Server.CreateObject("XStandard.MD5"
strMD5 = objMD5.GetCheckSumFromString("The Password"
The MD5 looks something like this:
e447f552ceeb71337f4a3b6f0421d4b8
It's a 32 character string and is like a fingerprint of the password. There is no way to figure out what the password is based solely on the MD5.
Save the MD5 into the database instead of the password. When the user logs in, they enter their password, you do an MD5 checkum on what they typed in, and compare it with what is stored in the database. If the two MD5's match, then the user entered the correct password.
Keep in mind that MD5 checksum is case-sensitive. If you want to make passwords case insensitive, lowercase them before you do the MD5.
Hope this helps.
When the user registers, do an MD5 checksum on the password they selected (or you provided from them). Example:
Dim objMD5, strMD5
Set objMD5 = Server.CreateObject("XStandard.MD5"
strMD5 = objMD5.GetCheckSumFromString("The Password"
The MD5 looks something like this:
e447f552ceeb71337f4a3b6f0421d4b8
It's a 32 character string and is like a fingerprint of the password. There is no way to figure out what the password is based solely on the MD5.
Save the MD5 into the database instead of the password. When the user logs in, they enter their password, you do an MD5 checkum on what they typed in, and compare it with what is stored in the database. If the two MD5's match, then the user entered the correct password.
Keep in mind that MD5 checksum is case-sensitive. If you want to make passwords case insensitive, lowercase them before you do the MD5.
Hope this helps.
BeginnerProgrammer
Technical User
If I do something like this and if ASP is executed on the server, then aren't I sending the password to the server in plain text?
You need to protect the page via SSL to keep transmitted info secure. You'll get a certificate for your web server, install it, and use https:// on pages that need the data to be secure (checking the submitted info's servervariables to ensure that ssl really is being used on the page).
The great explanation of using MD5 is how to keep the password from existing on your server (other than in temporary memory while it's being submitted and stored).
The great explanation of using MD5 is how to keep the password from existing on your server (other than in temporary memory while it's being submitted and stored).
trollacious
Programmer
Or encrypt the password with Javascript on the client side and just send the hash value to the server to compare with what's in the database. That's what I've done to avoid the lag in secure website processing.
ChrisHirst
IS-IT--Management
I suppose you could have searched the forum for "encryption" and found this,
thread333-891325
Chris.
Indifference will be the downfall of mankind, but who cares?
A website that proves the cobblers kids adage.
Nightclub counting systems
So long, and thanks for all the fish.
thread333-891325
Chris.
Indifference will be the downfall of mankind, but who cares?
A website that proves the cobblers kids adage.
Nightclub counting systems
So long, and thanks for all the fish.
trollacious
Programmer
No, a one-way hash isn't reversible. Basically the only way to hack the password is brute force, trying all sorts of combinations.
- Status
Similar threads
- Locked
- Question
- Locked
- Question