Re: Password encryption

Rolf Hopkins Sun, 10 Jun 2001 07:12:58 -0700
Well, if you're using web pages, I've never thought much of passwords being
passed from one page to the next.  Too much at risk of being "sniffed" out
each time a page is submitted to the server.  I devised a way that creates a
random char string which changes each time a user logs on  and that gets
passed to the next page instead of the password itself.

Other than that, I don't think I can be much more help.

----- Original Message -----
From: "Leon Mergen" <[EMAIL PROTECTED]>
To: "Rolf Hopkins" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, June 10, 2001 22:09
Subject: Re: Password encryption


> Hello Rolf,
>
> I need the decoding option, since I need to have a password lookup
> function...
>
> Hmmm... offcourse, I *COULD* completely rewrite it, and instead of lookup
up
> a password, make it so that you can reset your password if you have
verified
> your email address or something.
>
> However, I wonder if rewriting this is worth the effort. I mean, I
probably
> will be busy 3 hours with it, to completely rewrite it, and fully test
> everything. And that is why I wonder if it's worth it, because I also like
> the option to decode the passwords of my members, if I have the encryption
> password...
>
> But basically, my question is: how great is the performance penalty caused
> by DECODE(), or is it low enough to forget about it? Because my system
> checks the password each page a member visits, and a member usually visits
> around 500 pages/day. So performance is quite important here ;)
>
> Thanks in advance,
>
> Leon Mergen
> [EMAIL PROTECTED]
> BlazeBox, Inc.
> ICQ: 55677353
>
> ----- Original Message -----
> From: "Rolf Hopkins" <[EMAIL PROTECTED]>
> To: "Leon Mergen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, June 10, 2001 3:43 PM
> Subject: Re: Password encryption
>
>
> > I used the function password() if that helps but of course you can't
> > "decode" it.
> >
> > ----- Original Message -----
> > From: "Leon Mergen" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Saturday, June 09, 2001 22:44
> > Subject: Re: Password encryption
> >
> >
> > > Anyone has any idea how much this encryption method sucks up server
> load?
> > >
> > > _________________________________________
> > > Leon Mergen
> > > [EMAIL PROTECTED]
> > > President of Operations
> > > BlazeBox, Inc.
> > > ICQ: 55677353
> > >
> > >
> > > ----- Original Message -----
> > > From: "Joshua J. Kugler" <[EMAIL PROTECTED]>
> > > To: "Leon Mergen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Friday, June 08, 2001 9:47 PM
> > > Subject: Re: Password encryption
> > >
> > >
> > > > Look in the manual about the ENCODE/DECODE functions.
> > > >
> > > > j----- k-----
> > > >
> > > > On Friday 08 June 2001 10:28, you wrote:
> > > > > Hello all,
> > > > >
> > > > > I have some questions about password encryption. I want to make
some
> > > sort
> > > > > of encryption method that disables a human to read the password,
but
> > > does
> > > > > allow my (php) script to convert the encoded password to a
> > > human-readable
> > > > > password, the member originally entered and the member enters in
the
> > > form
> > > > > (if he or she has the password right) .
> > > > >
> > > > > In other words, I want a string to be encrypted and decrypted, if
> it's
> > > > > possible in the query.
> > > > >
> > > > > An example:
> > > > >
> > > > > insert into table values (encrypt("secret"));
> > > > > select decrypt(passfield) as pass from table;
> > > > >
> > > > > and here, pass will contain the value of "secret".
> > > >
> > > > --
> > > > Joshua Kugler, Information Services Director
> > > > Associated Students of the University of Alaska Fairbanks
> > > > [EMAIL PROTECTED], 907-474-7601
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Before posting, please check:
> > >    http://www.mysql.com/manual.php   (the manual)
> > >    http://lists.mysql.com/           (the list archive)
> > >
> > > To request this thread, e-mail <[EMAIL PROTECTED]>
> > > To unsubscribe, e-mail
> > <[EMAIL PROTECTED]>
> > > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
> >
> > ---------------------------------------------------------------------
> > Before posting, please check:
> >    http://www.mysql.com/manual.php   (the manual)
> >    http://lists.mysql.com/           (the list archive)
> >
> > To request this thread, e-mail <[EMAIL PROTECTED]>
> > To unsubscribe, e-mail
> <[EMAIL PROTECTED]>
> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
> >


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Password encryption

Reply via email to
