Re: Encrypting DB content

You can store an MD5 or SHA hash of the password, and then compare. This is 
not an encrypted version of the password, rather a calculated hash of it. You 
can't (well, not without a bit of effort) decrypt this back into the 
password.

The idea is when you store the password, you create the hash. Store the hash 
in the database. When the user logs in, take their password entry, generate a 
hash in the same way, and compare the two values. 

SHA2 is the most secure method to use of these two, I'd use that. 

The advantage is, the hash could be freely accessible to anyone, and it 
doesn't cause a security issue, whereas all a hacker needs is the key to an 
encrypted database of passwords to reveal them all. 

That's the route I take anyhow. This will likely start a huge conversation 
about how to secure your system up super tight, but remember the most secure 
server is one that isn't turned on. :) A realistic solution is somewhere 
in-between this and no security at all. 

-Micah 


On Friday 30 December 2005 8:15 pm, Chris Payne wrote:
> Hi there everyone,
>
> I am about to launch the website for my complex where the homeowners can
> login and check their billing status etc. What is the best way, with PHP
> and MySQL, to store an ENCRYPTED password into the database so that if
> someone got into the DB they couldn't read the password but if they enter
> it into the form on the site it still works?
>
> I'm not sure on the best way to do this and any help would be really
> appreciated.
>
> Happy New Year everyone.
>
> Chris

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

