Encrypting DB content THANK YOU and nlist help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

Thank you for your help I really appreciate it :-)

I have one last question and you may (Or may not) be able to answer :-)  Do
you know how to sort the FTP nlist command?  I have it listing the FTP
directory once a video is uploaded and using nlist I can view the ENTIRE
listing, but I just need to be able to grab the latest filename from the
directory so that it can be added to a database.

Any help on that would be fantastic, I've read the PHP manual which is how I
managed to grab the entire directory listing on the server, but I just need
the last modified date to display (The last file uploaded).

Chris


You can store an MD5, or SHA hash of the password, and then compare.. This
is 
not an encrypted version of the password, rather a calculated hash of it.
You 
can't (well, not without a bit of effort) decrypt this back into the 
password.

The idea is when you store the password, you create the hash. Store the hash

in the database. When the user logs in, take their password entry, generate
a 
hash in the same way, and compare the two values. 

SHA2 is the most secure method to use of these two, I'd use that. 

The advantage is, the hash could be freely accessable to anyone, and it 
doesn't cause a security issue, where as all a hacker needs is the key to an

encrypted database of passwords to reveal them all. 

That's the route I take anyhow.. This will likely start a huge conversation 
about how to secure your system up super tight, but remember the most secure

server is one that isn't turned on. :) A realistic solution is somewhere 
in-between this and no security at all. 

-Micah 


On Friday 30 December 2005 8:15 pm, Chris Payne wrote:
> Hi there everyone,
>
>
>
> I am about to launch the website for my complex where the homeowners can
> login and check their billing status etc .. what is the best way, with PHP
> and MySQL, to store an ENCRYPTED password into the database so that if
> someone got into the DB they couldn't read the password but if they enter
> it into the form on the site it still works?
>
>
>
> I'm not sure on the best way to do this and any help would be really
> appreciated.
>
>
>
> Happy New Year everyone.
>
>
>
> Chris

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.9/216 - Release Date: 12/29/2005

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux