-
Simple solution for encrypting passwords?
I've created an internal website (ASP/vbscript) that has individual logins for employees. Since I am the only person with access to the web/database server, I am storing plain text passwords in the database (I know - bad idea). I thought we wouldn't have a problem with hackers within the company, but I was notified by an angry employee using network monitoring software (against company policy) that he can see his plain-text password being passed over the network.
So, now I have to encrypt the passwords in the database - which I obviously should have done from the start. The problem is that I am a database newbie, so I don't even know where to start. I've seen posts about RC4, but I am confused. I'm looking for something VERY simple - anyone know of an "encrypting for dummies" article? If I encrypt the passwords in the database, would I have to do anything special in my ASP code? By the way, I can't use SSL on this server, if that makes a difference.
Thanks.
-
RC-4 is the standard encrption logic, it has been while and pretty stable.
Here is the link for using RC4 encrption.
http://www.databasejournal.com/img/RC4_enhanced.sql
Cryptology is a huge subject.
Here is the link for how to have a secure system
http://www-theory.dcs.st-and.ac.uk/~...tml/node4.html
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|