469,087 Members | 1,286 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,087 developers. It's quick & easy.

Encoding passwords in MySQL

I am developing a database application in which I store usernames and
passwords. Naturally I want to store the passwords in an encrypted form.
However, just like you see in many web applications, I want to be able
to email the users password back to them should they forget their old
password.

I looked at how to store the password data in MySQL and they recommend
using MD5 or SHA. Both of these appear to be one way encryption
routines. IOW once I encrypt and store the users password there is no
way to unencrypt it.

How can I store passwords in my SQL database such that I can convert
them back to plain text when the user requests them?
--
I went for a walk last night and my kids asked me how long I'd be gone.
I said, "The whole time."

Jul 19 '05 #1
12 11626
If you want to save password encrypted and want to decrypt it, you should
use a function for it which has some "user" input with it.
You cant use something like rot13 simply because this is almost standard
with PHP for this purpose and anyone with the encrypted password can decrypt
just as easily.
It's your choice but the best way is something like MD5 and if someone loses
it, just mail a new password to the mail-adress in the database and have the
user replace it with the next login.

"Andrew DeFaria" <An****@DeFaria.com> schreef in bericht
news:23**************************@msgid.meganewsse rvers.com...
I am developing a database application in which I store usernames and
passwords. Naturally I want to store the passwords in an encrypted form.
However, just like you see in many web applications, I want to be able
to email the users password back to them should they forget their old
password.

I looked at how to store the password data in MySQL and they recommend
using MD5 or SHA. Both of these appear to be one way encryption
routines. IOW once I encrypt and store the users password there is no
way to unencrypt it.

How can I store passwords in my SQL database such that I can convert
them back to plain text when the user requests them?
--
I went for a walk last night and my kids asked me how long I'd be gone.
I said, "The whole time."

Jul 19 '05 #2
Too Sexy wrote:
If you want to save password encrypted and want to decrypt it, you
should use a function for it which has some "user" input with it.
Like?
You cant use something like rot13 simply because this is almost
standard with PHP for this purpose and anyone with the encrypted
password can decrypt just as easily.
I'm not using PHP.
It's your choice
What choices do I have? I haven't heard any from you.
but the best way is something like MD5 and if someone loses it, just
mail a new password to the mail-adress in the database and have the
user replace it with the next login.


Yeah but how do other sites do it? Sites that do not email you back a
new password but sites who email you back your old password?

--
Your child may be an honor student but you're still an idiot.

Jul 19 '05 #3
If you want to save password encrypted and want to decrypt it, you should
use a function for it which has some "user" input with it.
You cant use something like rot13 simply because this is almost standard
with PHP for this purpose and anyone with the encrypted password can decrypt
just as easily.
It's your choice but the best way is something like MD5 and if someone loses
it, just mail a new password to the mail-adress in the database and have the
user replace it with the next login.

"Andrew DeFaria" <An****@DeFaria.com> schreef in bericht
news:23**************************@msgid.meganewsse rvers.com...
I am developing a database application in which I store usernames and
passwords. Naturally I want to store the passwords in an encrypted form.
However, just like you see in many web applications, I want to be able
to email the users password back to them should they forget their old
password.

I looked at how to store the password data in MySQL and they recommend
using MD5 or SHA. Both of these appear to be one way encryption
routines. IOW once I encrypt and store the users password there is no
way to unencrypt it.

How can I store passwords in my SQL database such that I can convert
them back to plain text when the user requests them?
--
I went for a walk last night and my kids asked me how long I'd be gone.
I said, "The whole time."

Jul 19 '05 #4
Too Sexy wrote:
If you want to save password encrypted and want to decrypt it, you
should use a function for it which has some "user" input with it.
Like?
You cant use something like rot13 simply because this is almost
standard with PHP for this purpose and anyone with the encrypted
password can decrypt just as easily.
I'm not using PHP.
It's your choice
What choices do I have? I haven't heard any from you.
but the best way is something like MD5 and if someone loses it, just
mail a new password to the mail-adress in the database and have the
user replace it with the next login.


Yeah but how do other sites do it? Sites that do not email you back a
new password but sites who email you back your old password?

--
Your child may be an honor student but you're still an idiot.

Jul 19 '05 #5

"Andrew DeFaria" <An****@DeFaria.com> schreef in bericht
news:b3***************************@msgid.meganewss ervers.com...
Too Sexy wrote:
If you want to save password encrypted and want to decrypt it, you
should use a function for it which has some "user" input with it.
Like?

I don't know any that's why I send new passwords.
You cant use something like rot13 simply because this is almost
standard with PHP for this purpose and anyone with the encrypted
password can decrypt just as easily.
I'm not using PHP.

Perl and ASP have these functions also standard implemented.
It's your choice
What choices do I have? I haven't heard any from you.

To use an encryption method which can also be decrypted
but the best way is something like MD5 and if someone loses it, just
mail a new password to the mail-adress in the database and have the
user replace it with the next login.
Yeah but how do other sites do it? Sites that do not email you back a
new password but sites who email you back your old password?

perhaps they don't encrypted, unfortunatly I don't now
--
Your child may be an honor student but you're still an idiot. I Think this wasn't meant personal ;)

In Short, I can't give you a function but I recommend you use md5 or
something and mail new password

You can also mail sites that give passwords back how they do it.

P.S. Most OS en Network software don't give passwords bakc because of the
security risc.
Jul 19 '05 #6

"Andrew DeFaria" <An****@DeFaria.com> schreef in bericht
news:b3***************************@msgid.meganewss ervers.com...
Too Sexy wrote:
If you want to save password encrypted and want to decrypt it, you
should use a function for it which has some "user" input with it.
Like?

I don't know any that's why I send new passwords.
You cant use something like rot13 simply because this is almost
standard with PHP for this purpose and anyone with the encrypted
password can decrypt just as easily.
I'm not using PHP.

Perl and ASP have these functions also standard implemented.
It's your choice
What choices do I have? I haven't heard any from you.

To use an encryption method which can also be decrypted
but the best way is something like MD5 and if someone loses it, just
mail a new password to the mail-adress in the database and have the
user replace it with the next login.
Yeah but how do other sites do it? Sites that do not email you back a
new password but sites who email you back your old password?

perhaps they don't encrypted, unfortunatly I don't now
--
Your child may be an honor student but you're still an idiot. I Think this wasn't meant personal ;)

In Short, I can't give you a function but I recommend you use md5 or
something and mail new password

You can also mail sites that give passwords back how they do it.

P.S. Most OS en Network software don't give passwords bakc because of the
security risc.
Jul 19 '05 #7
Too Sexy wrote:
--
Your child may be an honor student but you're still an idiot.
I Think this wasn't meant personal ;)


No, it's a tagline, not personal.
In Short, I can't give you a function but I recommend you use md5 or
something and mail new password

You can also mail sites that give passwords back how they do it.

P.S. Most OS en Network software don't give passwords bakc because of
the security risc.


It's as much a security risk to email a password in the first place.

--
I said "NO" to drugs, but they didn't listen.

Jul 19 '05 #8
Too Sexy wrote:
--
Your child may be an honor student but you're still an idiot.
I Think this wasn't meant personal ;)


No, it's a tagline, not personal.
In Short, I can't give you a function but I recommend you use md5 or
something and mail new password

You can also mail sites that give passwords back how they do it.

P.S. Most OS en Network software don't give passwords bakc because of
the security risc.


It's as much a security risk to email a password in the first place.

--
I said "NO" to drugs, but they didn't listen.

Jul 19 '05 #9
Seems like encode/decode would work for me but they don't seem to work!

mysql> select encode("password","secret");
+-----------------------------+
| encode("password","secret") |
+-----------------------------+
| 「LwY!* |
+-----------------------------+
1 row in set (0.00 sec)

mysql> select decode("「LwY!*","secret");
+----------------------------+
| decode("「LwY!*","secret") |
+----------------------------+
| passwo# |
+----------------------------+
1 row in set (0.00 sec)


--
I used to have an open mind but my brains kept falling out.

Jul 19 '05 #10
Seems like encode/decode would work for me but they don't seem to work!

mysql> select encode("password","secret");
+-----------------------------+
| encode("password","secret") |
+-----------------------------+
| 「LwY!* |
+-----------------------------+
1 row in set (0.00 sec)

mysql> select decode("「LwY!*","secret");
+----------------------------+
| decode("「LwY!*","secret") |
+----------------------------+
| passwo# |
+----------------------------+
1 row in set (0.00 sec)


--
I used to have an open mind but my brains kept falling out.

Jul 19 '05 #11
> Seems like encode/decode would work for me but they don't seem to work!

mysql> select encode("password","secret");
+-----------------------------+
| encode("password","secret") |
+-----------------------------+
| 「LwY!* |
+-----------------------------+
1 row in set (0.00 sec)

mysql> select decode("「LwY!*","secret");
+----------------------------+
| decode("「LwY!*","secret") |
+----------------------------+
| passwo# |
+----------------------------+
1 row in set (0.00 sec)
seems to work: mysql> select decode(encode("password","secret"),"secret");
Your're result is also wrong you forgot some characters: "「LwY!*"
Perhaps there's a problem with the strange characters, when you enter and
view them it might not be exact the same ASCII code.
It's as much a security risk to email a password in the first place. No Comment
--
I used to have an open mind but my brains kept falling out.

Ever tried ducktape, McGyver says it works

Jul 19 '05 #12
> Seems like encode/decode would work for me but they don't seem to work!

mysql> select encode("password","secret");
+-----------------------------+
| encode("password","secret") |
+-----------------------------+
| 「LwY!* |
+-----------------------------+
1 row in set (0.00 sec)

mysql> select decode("「LwY!*","secret");
+----------------------------+
| decode("「LwY!*","secret") |
+----------------------------+
| passwo# |
+----------------------------+
1 row in set (0.00 sec)
seems to work: mysql> select decode(encode("password","secret"),"secret");
Your're result is also wrong you forgot some characters: "「LwY!*"
Perhaps there's a problem with the strange characters, when you enter and
view them it might not be exact the same ASCII code.
It's as much a security risk to email a password in the first place. No Comment
--
I used to have an open mind but my brains kept falling out.

Ever tried ducktape, McGyver says it works

Jul 19 '05 #13

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Matt Schroeder | last post: by
reply views Thread by Jeremy Booker | last post: by
reply views Thread by Andrew DeFaria | last post: by
reply views Thread by Terry | last post: by
6 posts views Thread by Bartosz Wegrzyn | last post: by
2 posts views Thread by Carlone | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by kglaser89 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.