> I would like to make my application a little more secure, > I've heard you can > encrypt the passwords in a MySQL database, how can I do this? A search for the word "encrypt" in mysql docs yields descriptions of the following functions: ENCRYPT(str[,salt]) ENCODE(str,pass_str) DECODE(crypt_str,pass_str) MD5(string) SHA1(string) SHA(string) AES_ENCRYPT(string,key_string) AES_DECRYPT(string,key_string) AES_ENCRYPT() and AES_DECRYPT() were added in version 4.0.2, and can be considered the most cryptographically secure encryption functions DES_ENCRYPT(string_to_encrypt [, (key_number | key_string) ] ) DES_DECRYPT(string_to_decrypt [, key_string]) I can envision a scenario where you would encrypt everything prior to adding it to the database, and then dcrypt the strings as you pull them out. It would work the same way as using addslashes/stripslashes when adding and extracting strings from the db, although it would be a little more processor-intensive. I have to wonder how much of a performance hit you would take on that sort of thing. Why not just increase the security surrounding access to the database. I dunno, let us know what else you come up with. matt -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
