This is bit off the topic...but is there a way to encrypt with a key and
decrypt it back to the same value I want to store. My requirement is
something like I want to store salaries of the executives of the
organization in a table, but not even the DBA should be able to see that
except the person who saved it.

Is this possible, through a DB level or using application level
components. 

Kosala

> -----Original Message-----
> From: Micah Stevens [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, December 31, 2005 12:13
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Encrypting DB content
> 
> 
> You can store an MD5, or SHA hash of the password, and then 
> compare.. This is not an encrypted version of the password, 
> rather a calculated hash of it. You can't (well, not without 
> a bit of effort) decrypt this back into the password.
> 
> The idea is when you store the password, you create the hash. 
> Store the hash in the database. When the user logs in, take 
> their password entry, generate a hash in the same way, and 
> compare the two values. 
> 
> SHA2 is the most secure method to use of these two, I'd use that. 
> 
> The advantage is, the hash could be freely accessable to 
> anyone, and it doesn't cause a security issue, where as all a 
> hacker needs is the key to an encrypted database of passwords 
> to reveal them all. 
> 
> That's the route I take anyhow.. This will likely start a 
> huge conversation about how to secure your system up super 
> tight, but remember the most secure server is one that isn't 
> turned on. :) A realistic solution is somewhere in-between 
> this and no security at all. 
> 
> -Micah 
> 
> 
> On Friday 30 December 2005 8:15 pm, Chris Payne wrote:
> > Hi there everyone,
> >
> >
> >
> > I am about to launch the website for my complex where the 
> homeowners 
> > can login and check their billing status etc .. what is the 
> best way, 
> > with PHP and MySQL, to store an ENCRYPTED password into the 
> database 
> > so that if someone got into the DB they couldn't read the 
> password but 
> > if they enter it into the form on the site it still works?
> >
> >
> >
> > I'm not sure on the best way to do this and any help would 
> be really 
> > appreciated.
> >
> >
> >
> > Happy New Year everyone.
> >
> >
> >
> > Chris
> 
> --
> PHP Database Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to