Setting up passwords for program users

Setting up passwords for program users

by richard terry-2

I wondered if anyone had experience/code/examples of how to create/save
encrypted passwords in a database?

Thanks in advance.

Richard

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Gambas-user mailing list
Gambas-user@...
https://lists.sourceforge.net/lists/listinfo/gambas-user

Re: Setting up passwords for program users

by Leonardo Miliani

richard terry wrote:

> I wondered if anyone had experience/code/examples of how to create/save
> encrypted passwords in a database?
>
> Thanks in advance.
>
> Richard

The only secure way to store a password in a file/db is to use a
hash algorithm and store only the hash of your password.
I used SHA256 and/or MD5 (I prefer the first one, more robust).
So:

1) ask your user to enter a password
2) create the hash of that password with SHA or MD5
3) store the hash
4) when the user logs in again, you compare the hash of the entered
password with the hash of the stored one: if they are identical, the
user has entered the original password

Why use a hash? Because a hash is a cryptographic function that
generates a checksum from which it is (or it should be) impossible to
calculate the data that generated it.

--
Ciao.
Leo.

Web: www.leonardomiliani.com
E-mail: leonardo@...
Choose opensource software

Co-founder of Gambas-it.org
The reference site for the Italian community of Gambas users
www.gambas-it.org


Re: Setting up passwords for program users

by richard terry-2

On Wed, 9 Jul 2008 08:27:38 am Leonardo Miliani wrote:
> richard terry wrote:
> > I wondered if anyone had experience/code/examples of how to create/save
> > encrypted passwords in a database?
> >
> > Thanks in advance.
> >
> > Richard
Thanks,

I searched the web ++ before a C++ programming mate of mine said "check your
language, they all come with encryption stuff", so I noticed gb.crypt which
says:


Crypt.MD5 (gb.crypt)
Syntax
STATIC FUNCTION MD5 ( Password AS String [ , Prefix AS String ] ) AS String
 Crypts the string Password with the MD5 algorithm by using Prefix as prefix.
Prefix must have a size of 8 characters, among:
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./
 If Prefix is not specified, it is randomized.


So I'd assume I could use this, with your logic below as the implementation?

Thanks  for your info.


> The only secure way to store a password in a file/db is to use a
> hash algorithm and store only the hash of your password.
> I used SHA256 and/or MD5 (I prefer the first one, more robust).
> So:
>
> 1) ask your user to enter a password
> 2) create the hash of that password with SHA or MD5
> 3) store the hash
> 4) when the user logs in again, you compare the hash of the entered
> password with the hash of the stored one: if they are identical, the
> user has entered the original password
>
> Why use a hash? Because a hash is a cryptographic function that
> generates a checksum from which it is (or it should be) impossible to
> calculate the data that generated it.
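
The four steps from the reply above, with the detail that matters once the prefix (salt) is randomized: hashing the same password twice gives different strings, so the login check has to reuse the salt stored with the hash. This is an added example in Python, not code from the thread or from gb.crypt; it substitutes PBKDF2-HMAC-SHA256 for Crypt.MD5, and the record layout, function names and iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000        # assumed work factor for this example
MAX_ITERATIONS = 5_000_000  # refuse absurd counts read from a stored record


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Steps 2-3: derive the hash and return the record to store in the DB."""
    if salt is None:
        salt = os.urandom(16)  # random per-user salt, like the randomized Prefix
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # The salt and parameters travel with the hash so login can recompute it.
    return "$".join([SCHEME, str(ITERATIONS), _b64(salt), _b64(digest)])


def verify_password(password: str, record: str) -> bool:
    """Step 4: recompute with the *stored* salt, then compare in constant time."""
    try:
        scheme, iters_s, salt_b64, digest_b64 = record.split("$")
        iters = int(iters_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad number, or bad base64
        return False
    if scheme != SCHEME or not 1 <= iters <= MAX_ITERATIONS:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = hash_password("s3cret-example")      # constructed sample password
    print(stored)
    print(hash_password("s3cret-example") == stored)   # False: new random salt
    print(verify_password("s3cret-example", stored))   # True
    print(verify_password("wrong-guess", stored))      # False
```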


