yes, have a look at mcrypt(www.php.net/mcrypt) and decrypt(www.php.net/decrypt)

Bastien

From: "Kosala Atapattu" <[EMAIL PROTECTED]>
To: "Micah Stevens" <[EMAIL PROTECTED]>,<php-db@lists.php.net>
Subject: RE: [PHP-DB] Encrypting DB content
Date: Mon, 2 Jan 2006 13:20:47 +0600

This is bit off the topic...but is there a way to encrypt with a key and
decrypt it back to the same value I want to store. My requirement is
something like I want to store salaries of the executives of the
organization in a table, but not even the DBA should be able to see that
except the person who saved it.

Is this possible, through a DB level or using application level
components.

Kosala

> -----Original Message-----
> From: Micah Stevens [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 31, 2005 12:13
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Encrypting DB content
>
>
> You can store an MD5, or SHA hash of the password, and then
> compare.. This is not an encrypted version of the password,
> rather a calculated hash of it. You can't (well, not without
> a bit of effort) decrypt this back into the password.
>
> The idea is when you store the password, you create the hash.
> Store the hash in the database. When the user logs in, take
> their password entry, generate a hash in the same way, and
> compare the two values.
>
> SHA2 is the most secure method to use of these two, I'd use that.
>
> The advantage is, the hash could be freely accessable to
> anyone, and it doesn't cause a security issue, where as all a
> hacker needs is the key to an encrypted database of passwords
> to reveal them all.
>
> That's the route I take anyhow.. This will likely start a
> huge conversation about how to secure your system up super
> tight, but remember the most secure server is one that isn't
> turned on. :) A realistic solution is somewhere in-between
> this and no security at all.
>
> -Micah
>
>
> On Friday 30 December 2005 8:15 pm, Chris Payne wrote:
> > Hi there everyone,
> >
> >
> >
> > I am about to launch the website for my complex where the
> homeowners
> > can login and check their billing status etc .. what is the
> best way,
> > with PHP and MySQL, to store an ENCRYPTED password into the
> database
> > so that if someone got into the DB they couldn't read the
> password but
> > if they enter it into the form on the site it still works?
> >
> >
> >
> > I'm not sure on the best way to do this and any help would
> be really
> > appreciated.
> >
> >
> >
> > Happy New Year everyone.
> >
> >
> >
> > Chris
>
> --
> PHP Database Mailing List (http://www.php.net/) To
> unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to