Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
password on login against the encrypted one on the DB?

I'm guessing I:

1. encrypt the desired password with some sort of key (eg "blahblah")
which is hidden in a protected directory

2. write the encrypted password to the database

Next time the user logs in:

1. take thier plain-text password they submit to login

2. encrypt it with the same key

3. compare it to the one on the database

Or, is there something i'm missing, some sort of gaping big arse
security hole, or some set of functions which take care of a heap of
this stuff for me?

If someone could point me to the right encryption tools / links /
tutorials, i'd be gratefull.


Justin French

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to