NEW LISTINGS 
HOT LISTINGS
TOP RATED
EDITOR PICK
ADD A LISTING
UPDATE A LISTING
GET RATED
UPGRADE A LISTING
HOT LISTINGS
TOP RATED
EDITOR PICK
ADD A LISTING
UPDATE A LISTING
GET RATED
UPGRADE A LISTING
How to Encrypt Passwords in the Database
2518
How to Encrypt Passwords in the Database
http://www.webcheatsheet.com/asp/md5_encrypt_passwords.php
If you are developing a password-protected web site, you have to make a decision about how to store user password information securely.
What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).
MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good.
MD5 does have its weaknesses. MD5 encryption is not infallible: if the password is not strong enough, a brute force attack can still reveal it. So, you can ask: "Why should I use MD5 if I know it is not the most secure?" The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. The greatest advantage of MD5 is its speed and ease of use.
It is vitally important to understand that password encryption will not protect your website, it can protect your passwords only. If your website does not have sufficient protection, password encryption will not make it safe from cracking. If your system has been cracked, a hacker can inflict a irreparable damage to it and also gain an access to confidential information, including passwords database. But if you store this information encrypted, hackers practically cannot make use of it. Cracking an encrypted password takes a large amount of time and processing power, even on today's computers.
There are no built-in MD5 functions in ASP. To enable MD5 encryption you should include md5.asp.
So, let's start. First of all, you need to add a new account to your database. The following code allows to do it. ASP > Tips and Tutorials > Database-related Oct 10, 2006 WebCheatSheet
What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).
MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good.
MD5 does have its weaknesses. MD5 encryption is not infallible: if the password is not strong enough, a brute force attack can still reveal it. So, you can ask: "Why should I use MD5 if I know it is not the most secure?" The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. The greatest advantage of MD5 is its speed and ease of use.
It is vitally important to understand that password encryption will not protect your website, it can protect your passwords only. If your website does not have sufficient protection, password encryption will not make it safe from cracking. If your system has been cracked, a hacker can inflict a irreparable damage to it and also gain an access to confidential information, including passwords database. But if you store this information encrypted, hackers practically cannot make use of it. Cracking an encrypted password takes a large amount of time and processing power, even on today's computers.
There are no built-in MD5 functions in ASP. To enable MD5 encryption you should include md5.asp.
So, let's start. First of all, you need to add a new account to your database. The following code allows to do it. ASP > Tips and Tutorials > Database-related Oct 10, 2006 WebCheatSheet
Write a Review
Add to My Favorite
Refer it to Friend
Report Broken Link
| |
|
||
| Bookmark How to Encrypt Passwords in the Database: |
|||
Other links at ASP > Tips and Tutorials > Database-related
Dropdown lists in HTML are very useful for multiple-option choices, especially within a web form that user needs to fill out.
Producing them dynamically from a database can saves a lot of time and energy.
In this example, we will use ASP 3.0 to generate dynamic dropdown lists from a Microsoft Access database. The database table in question contains fruit and vegetable types.
Producing them dynamically from a database can saves a lot of time and energy.
In this example, we will use ASP 3.0 to generate dynamic dropdown lists from a Microsoft Access database. The database table in question contains fruit and vegetable types.
Category:
ASP source code, we will pull some data from a database and fill it into a select list. We will create a custom and dynamic output.
Category:
Now everybody can connect to a database. Simple database access is a huge feature of ASP and one of the most widely used by developers but when you are first learning, it's hard to separate the database stuff from the rest of the code so I made this example
Category:
DSN Connections
In my earlier article on Accessing the database from ASP I explained connecting to database via DSN in a step by step mannner. So there is no need to repeat that again, you can see it from there.
DSN stands for 'Data Source Name'. It is an easy way to assign useful and easily rememberable names to data sources which may not be limited to databases alone e.g Excel spread sheet etc.
I will now skip the steps of creating and assigning DSN to a database, you can see them by clicking here. Once you are done creating a DSN for your data source ( database lets say ), you can connect to it using following code
In my earlier article on Accessing the database from ASP I explained connecting to database via DSN in a step by step mannner. So there is no need to repeat that again, you can see it from there.
DSN stands for 'Data Source Name'. It is an easy way to assign useful and easily rememberable names to data sources which may not be limited to databases alone e.g Excel spread sheet etc.
I will now skip the steps of creating and assigning DSN to a database, you can see them by clicking here. Once you are done creating a DSN for your data source ( database lets say ), you can connect to it using following code
Category:
5. ADO Connection, Command, and RecordSet object with simple SQL statements with ASP (Active Server Pag
Learn how to use the ADO Connection, Command, and RecordSet object with simple SQL statements with ASP (Active Server Pages).
Category:
Main Category
194
2041
824
286
175
1802
1238
913
1163
7489
70
909
59
2222
174
Join Mailing List
Joining mailing list will entitle you
to receive occasional emails informing you of news and
updates to the site and any special offers that may be
of interest to you.
Top 10
Directory Statistics
Links: 19539
Categories: 1275
Registered Users: 750
Mailing List Subscribers: 2046
Unique Outgoing Hits: 228075
Pagerank Statistics
PHP News