RE: Encrypting DB content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




yes, have a look at mcrypt(www.php.net/mcrypt) and decrypt(www.php.net/decrypt)

Bastien

From: "Kosala Atapattu" <kosalaa@xxxxxxxxxxx>
To: "Micah Stevens" <micah@xxxxxxxxxxxxxxxxxx>,<php-db@xxxxxxxxxxxxx>
Subject: RE:  Encrypting DB content
Date: Mon, 2 Jan 2006 13:20:47 +0600

This is bit off the topic...but is there a way to encrypt with a key and
decrypt it back to the same value I want to store. My requirement is
something like I want to store salaries of the executives of the
organization in a table, but not even the DBA should be able to see that
except the person who saved it.

Is this possible, through a DB level or using application level
components.

Kosala

> -----Original Message-----
> From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx]
> Sent: Saturday, December 31, 2005 12:13
> To: php-db@xxxxxxxxxxxxx
> Subject: Re:  Encrypting DB content
>
>
> You can store an MD5, or SHA hash of the password, and then
> compare.. This is not an encrypted version of the password,
> rather a calculated hash of it. You can't (well, not without
> a bit of effort) decrypt this back into the password.
>
> The idea is when you store the password, you create the hash.
> Store the hash in the database. When the user logs in, take
> their password entry, generate a hash in the same way, and
> compare the two values.
>
> SHA2 is the most secure method to use of these two, I'd use that.
>
> The advantage is, the hash could be freely accessable to
> anyone, and it doesn't cause a security issue, where as all a
> hacker needs is the key to an encrypted database of passwords
> to reveal them all.
>
> That's the route I take anyhow.. This will likely start a
> huge conversation about how to secure your system up super
> tight, but remember the most secure server is one that isn't
> turned on. :) A realistic solution is somewhere in-between
> this and no security at all.
>
> -Micah
>
>
> On Friday 30 December 2005 8:15 pm, Chris Payne wrote:
> > Hi there everyone,
> >
> >
> >
> > I am about to launch the website for my complex where the
> homeowners
> > can login and check their billing status etc .. what is the
> best way,
> > with PHP and MySQL, to store an ENCRYPTED password into the
> database
> > so that if someone got into the DB they couldn't read the
> password but
> > if they enter it into the form on the site it still works?
> >
> >
> >
> > I'm not sure on the best way to do this and any help would
> be really
> > appreciated.
> >
> >
> >
> > Happy New Year everyone.
> >
> >
> >
> > Chris
>
> --
> PHP Database Mailing List (http://www.php.net/) To
> unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux