| Author |
 Topic Search  Topic Options
|
twooly 
Groupie
Joined: 24 September 2003
Status: Offline
Points: 64
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Encrypt text
Posted: 02 October 2003 at 12:12pm |
I was just wandering if anyone knew how to encrypt text into a database. Basicly what I am doing is writting my own login page would like to encrypt the password field so it isn't in plain text.
Thanks
--Todd
|
 |
pmormr
Senior Member
Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 October 2003 at 6:41pm |
|
|
|
|
|
fernan82
Mod Builder Group
Joined: 17 November 2002
Location: United States
Status: Offline
Points: 362
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 October 2003 at 6:49pm |
Or if you don't want to use components use the has1way function that comes with the WWForums, you can use it and distribute it as long as the header is not modified.....
With that function you just do something like this to encrypt the password:
Password = Trim(Password)
Salt = getSalt(Len(Password))
Password = HashEncode(Password & Salt)
That simple...
|
|
Bluefrog
Senior Member
Joined: 23 October 2002
Location: Korea, South
Status: Offline
Points: 1701
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 October 2003 at 7:43pm |
|
I've pretty much settled on how I'm going to settle security from now on for my own site security. Self issued SSL certificates. Problem there is that you have to make your server an CA, which means that you had better decide on how to configure it before, because you lose some flexibility once you do install the CA functionality on it.
|
|
|
|
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Post Options
Thanks(0)
Quote Reply
Posted: 03 October 2003 at 1:33am |
|
When you issue your own cert, it shows up as not being from a trusted authority which scares some people. You may want to place a site entry page outside of the area covered by the cert that explains the trusted authority bit.
|
Lead me not into temptation... I know the short cut, follow me.
|
|
pmormr
Senior Member
Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479
|
Post Options
Thanks(0)
Quote Reply
Posted: 03 October 2003 at 11:00am |
|
that was a link for the information on the hash encoding used in web wiz forums...
|
|
|
|
fernan82
Mod Builder Group
Joined: 17 November 2002
Location: United States
Status: Offline
Points: 362
|
Post Options
Thanks(0)
Quote Reply
Posted: 03 October 2003 at 9:36pm |
 pmormr wrote:
that was a link for the information on the hash encoding used in web wiz forums... |
The function on WWF has a link to that page but it just says For more information on Password HASH Encoding, and SALT visit: http://local.15seconds.com/issue/000217.htm not that it's the same...
The encryption used in WWF uses a pure-ASP function to encrypt the passwords, that link just explains how HASH Encoding works and provide sample codes on how to use it using the Persits AspEncrypt component....
I don't know where Bruce got that function from as there's no link but I've taken it from WWF and used it on my own work a few times as the file comments say "Free to distribute as long as code is not modified, and header is kept intact"
Edited by fernan82
|
FeRnAN
|
|
pmormr
Senior Member
Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479
|
Post Options
Thanks(0)
Quote Reply
Posted: 04 October 2003 at 8:52am |
The header at the top of functions/functions_hash1way.asp wrote:
' Function takes a given length x and generates a random hex value of x digits.
' Salt can be used to help protect passwords. When a password is first stored in a
' database generate a salt value also. Concatenate the salt value with the password,
' and then encrypt it using the HashEncode function below. Store both the salt value,
' and the encrypted value in the database. When a password needs to be verified, take
' the password concatenate the salt from the database. Encode it using the HashEncode
' function below. If the result matches the the encrypted password stored in the
' database, then it is a match. If not then the password is invalid.
'
'
' Note: Passwords become case sensitive when using this encryption.
' For more information on Password HASH Encoding, and SALT visit: http://local.15seconds.com/issue/000217.htm
'
' Call this function if you wish to generate a random hex value of any given length
'
' Written By: Mark G. Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact |
|
|
|
|
