when logging in, you hash the entered password, then do a select on the
username, and the hashed password - if you get a record back, they are
authenticated. Doing it this way avoids ever having to decrypt a password.
Only catch is if you offer a system that can email the password to a user
I'd say the best is to not even use encryption, but a hash (message digest) instead.
Hash is sometimes called encryption, but it can't be decrypted.
A hash (it's available as a CF function) is a one-way mathematical function. There is
no decryption; only brute-force attack can tell you what
Can anyone suggest what is the best method to encrypt a password that is stored
in the database?
My suggestion would be to use HASH (one-way encryption). Unless you have a
specific reason for needing to decrypt passwords.
that can email the password to a user -
now you need to decrypt the password, which hashing does not support.
My 2 cents worth.
Shawn Grover
-Original Message-
From: Tony Schreiber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 9:13 PM
To: CF-Talk
Subject: Re: best password
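
The login check described in this thread (store only a hash, re-hash the entered password at login, compare), as an added example that is not part of any of the posts. It goes beyond the thread by using a per-user salt with PBKDF2-HMAC-SHA256 and by replacing a forgotten password instead of e-mailing it; the table, column and function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # illustrative work factor (assumption; tune for your hardware)


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way digest of the password; there is no inverse function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db() -> sqlite3.Connection:
    # Hypothetical schema: only the salt and the digest are stored, never the password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def create_user(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user random salt: equal passwords give different digests
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def authenticate(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized select on the username; the digest is compared in code.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        # Unknown user: still do the hashing work so timing does not reveal which names exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


def reset_password(db: sqlite3.Connection, username: str, new_password: str) -> bool:
    """The stored value cannot be decrypted, so a forgotten password is replaced, not e-mailed."""
    salt = os.urandom(16)
    cur = db.execute("UPDATE users SET salt = ?, pw_hash = ? WHERE username = ?",
                     (salt, hash_password(new_password, salt), username))
    return cur.rowcount == 1
```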