Well, if you're using web pages, I've never thought much of passwords being
passed from one page to the next. Too much at risk of being "sniffed" out
each time a page is submitted to the server. I devised a way that creates a
random char string which changes each time a user logs on and that gets
passed to the next page instead of the password itself.
Other than that, I don't think I can be much more help.
----- Original Message -----
From: "Leon Mergen" <[EMAIL PROTECTED]>
To: "Rolf Hopkins" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, June 10, 2001 22:09
Subject: Re: Password encryption
> Hello Rolf,
>
> I need the decoding option, since I need to have a password lookup
> function...
>
> Hmmm... offcourse, I *COULD* completely rewrite it, and instead of lookup
up
> a password, make it so that you can reset your password if you have
verified
> your email address or something.
>
> However, I wonder if rewriting this is worth the effort. I mean, I
probably
> will be busy 3 hours with it, to completely rewrite it, and fully test
> everything. And that is why I wonder if it's worth it, because I also like
> the option to decode the passwords of my members, if I have the encryption
> password...
>
> But basically, my question is: how great is the performance penalty caused
> by DECODE(), or is it low enough to forget about it? Because my system
> checks the password each page a member visits, and a member usually visits
> around 500 pages/day. So performance is quite important here ;)
>
> Thanks in advance,
>
> Leon Mergen
> [EMAIL PROTECTED]
> BlazeBox, Inc.
> ICQ: 55677353
>
> ----- Original Message -----
> From: "Rolf Hopkins" <[EMAIL PROTECTED]>
> To: "Leon Mergen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, June 10, 2001 3:43 PM
> Subject: Re: Password encryption
>
>
> > I used the function password() if that helps but of course you can't
> > "decode" it.
> >
> > ----- Original Message -----
> > From: "Leon Mergen" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Saturday, June 09, 2001 22:44
> > Subject: Re: Password encryption
> >
> >
> > > Anyone has any idea how much this encryption method sucks up server
> load?
> > >
> > > _________________________________________
> > > Leon Mergen
> > > [EMAIL PROTECTED]
> > > President of Operations
> > > BlazeBox, Inc.
> > > ICQ: 55677353
> > >
> > >
> > > ----- Original Message -----
> > > From: "Joshua J. Kugler" <[EMAIL PROTECTED]>
> > > To: "Leon Mergen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Friday, June 08, 2001 9:47 PM
> > > Subject: Re: Password encryption
> > >
> > >
> > > > Look in the manual about the ENCODE/DECODE functions.
> > > >
> > > > j----- k-----
> > > >
> > > > On Friday 08 June 2001 10:28, you wrote:
> > > > > Hello all,
> > > > >
> > > > > I have some questions about password encryption. I want to make
some
> > > sort
> > > > > of encryption method that disables a human to read the password,
but
> > > does
> > > > > allow my (php) script to convert the encoded password to a
> > > human-readable
> > > > > password, the member originally entered and the member enters in
the
> > > form
> > > > > (if he or she has the password right) .
> > > > >
> > > > > In other words, I want a string to be encrypted and decrypted, if
> it's
> > > > > possible in the query.
> > > > >
> > > > > An example:
> > > > >
> > > > > insert into table values (encrypt("secret"));
> > > > > select decrypt(passfield) as pass from table;
> > > > >
> > > > > and here, pass will contain the value of "secret".
> > > >
> > > > --
> > > > Joshua Kugler, Information Services Director
> > > > Associated Students of the University of Alaska Fairbanks
> > > > [EMAIL PROTECTED], 907-474-7601
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Before posting, please check:
> > > http://www.mysql.com/manual.php (the manual)
> > > http://lists.mysql.com/ (the list archive)
> > >
> > > To request this thread, e-mail <[EMAIL PROTECTED]>
> > > To unsubscribe, e-mail
> > <[EMAIL PROTECTED]>
> > > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
> >
> > ---------------------------------------------------------------------
> > Before posting, please check:
> > http://www.mysql.com/manual.php (the manual)
> > http://lists.mysql.com/ (the list archive)
> >
> > To request this thread, e-mail <[EMAIL PROTECTED]>
> > To unsubscribe, e-mail
> <[EMAIL PROTECTED]>
> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
> >
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php