If you are developing a password-protected web site, you have to make a decision about how to store user password information securely.

What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).

MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good.

MD5 does have its weaknesses. MD5 encryption is not infallible: if the password is not strong enough, a brute force attack can still reveal it. So, you can ask: "Why should I use MD5 if I know it is not the most secure?" The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. The greatest advantage of MD5 is its speed and ease of use.

It is vitally important to understand that password encryption will not protect your website, it can protect your passwords only. If your website does not have sufficient protection, password encryption will not make it safe from cracking. If your system has been cracked, a hacker can inflict a irreparable damage to it and also gain an access to confidential information, including passwords database. But if you store this information encrypted, hackers practically cannot make use of it. Cracking an encrypted password takes a large amount of time and processing power, even on today's computers.

There are no built-in MD5 functions in ASP. To enable MD5 encryption you should include md5.asp.


So, let's start. First of all, you need to add a new account to your database. The following code allows to do it.

In this tutorial you are going to learn everything in detail step by step you'll ever want to know about inserting binary data ( images, zip files etc ) into database. This is actually first of the three articles I am going to write on manipulating binary data in the database. After this article you'll be able to upload binary data into database, then in second article you'll learn to get this data out of database and show it as you like and finally in the third article I'll explain uploading files. All of this is going to be plain ASP ( VBScript ) and nothing else, so stay tuned

In the tutorials so far we have learned from connecting to the database via ASP to inerting, updating and selecting data from the database.

The area we waste a lot of database time is when we show records to the user and in the mean time keep our database connection open. Following example illustrates this point :

This source code displays results dividing to pages. Code provides Next Previous page links with numeric page numbers. You may modify source code to use with MS SQL or MS Access database. For this example, we have used MS SQL Server using sample database Northwind.

This is a topic I've seen covered by others in the past but never in enough detail to satisfy me. This technique is extremely powerful and can yield huge performance gains over non-cached queries and therefore deserves more attention.