yes, have a look at mcrypt(www.php.net/mcrypt) and decrypt(www.php.net/decrypt)
Bastien
From: "Kosala Atapattu" <kosalaa@xxxxxxxxxxx> To: "Micah Stevens" <micah@xxxxxxxxxxxxxxxxxx>,<php-db@xxxxxxxxxxxxx> Subject: RE: Encrypting DB content Date: Mon, 2 Jan 2006 13:20:47 +0600 This is bit off the topic...but is there a way to encrypt with a key and decrypt it back to the same value I want to store. My requirement is something like I want to store salaries of the executives of the organization in a table, but not even the DBA should be able to see that except the person who saved it. Is this possible, through a DB level or using application level components. Kosala > -----Original Message----- > From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx] > Sent: Saturday, December 31, 2005 12:13 > To: php-db@xxxxxxxxxxxxx > Subject: Re: Encrypting DB content > > > You can store an MD5, or SHA hash of the password, and then > compare.. This is not an encrypted version of the password, > rather a calculated hash of it. You can't (well, not without > a bit of effort) decrypt this back into the password. > > The idea is when you store the password, you create the hash. > Store the hash in the database. When the user logs in, take > their password entry, generate a hash in the same way, and > compare the two values. > > SHA2 is the most secure method to use of these two, I'd use that. > > The advantage is, the hash could be freely accessable to > anyone, and it doesn't cause a security issue, where as all a > hacker needs is the key to an encrypted database of passwords > to reveal them all. > > That's the route I take anyhow.. This will likely start a > huge conversation about how to secure your system up super > tight, but remember the most secure server is one that isn't > turned on. :) A realistic solution is somewhere in-between > this and no security at all. > > -Micah > > > On Friday 30 December 2005 8:15 pm, Chris Payne wrote: > > Hi there everyone, > > > > > > > > I am about to launch the website for my complex where the > homeowners > > can login and check their billing status etc .. what is the > best way, > > with PHP and MySQL, to store an ENCRYPTED password into the > database > > so that if someone got into the DB they couldn't read the > password but > > if they enter it into the form on the site it still works? > > > > > > > > I'm not sure on the best way to do this and any help would > be really > > appreciated. > > > > > > > > Happy New Year everyone. > > > > > > > > Chris > > -- > PHP Database Mailing List (http://www.php.net/) To > unsubscribe, visit: http://www.php.net/unsub.php > >
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
