On Thu, Apr 18, 2002 at 04:28:44PM -0700, Jim Kraai wrote:
> store them as two values: pgp encrypted, and hashed to confirm the decrypt.
>
> this is probably overkill for the password. might just want to store the
> hash of the password, then when a user wants to log in, compare the hash
> with the password they gave, hashed. of course this won't work if you ever
> want to tell them what their password _was_.
>
> --jim
>
> -----Original Message-----
> From: Chuck Esterbrook [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 18, 2002 4:20 PM
> To: [EMAIL PROTECTED]
> Subject: [Webware-discuss] encryption
>
>
> I need to encrypt the passwords and credit card numbers in my database.
> Any recommendations on an approach?

If there's any way to store the information behind a firewall, that would
be the best. The webserver can encrypt it in memory (never saving it
unencrypted in a file on the webserver) and send it via mail or socket
to a process inside the firewall, which would insert it into the database.

Of course, if you need to do inquiries based on the info, you'd also have
to set up a way to pass the inquiries in and get the results out, in a way
that doesn't reveal too much info if the inquiry scheme is cracked.

-- 
-Mike (Iron) Orr, [EMAIL PROTECTED] (if mail problems: [EMAIL PROTECTED])
http://iron.cx/ English * Esperanto * Russkiy * Deutsch * Espan~ol
