Results 1 to 2 of 2

Thread: Simple solution for encrypting passwords?

  1. #1
    Join Date
    Aug 2003
    Posts
    4

    Unhappy Simple solution for encrypting passwords?

    I've created an internal website (ASP/vbscript) that has individual logins for employees. Since I am the only person with access to the web/database server, I am storing plain text passwords in the database (I know - bad idea). I thought we wouldn't have a problem with hackers within the company, but I was notified by an angry employee using network monitoring software (against company policy) that he can see his plain-text password being passed over the network.

    So, now I have to encrypt the passwords in the database - which I obviously should have done from the start. The problem is that I am a database newbie, so I don't even know where to start. I've seen posts about RC4, but I am confused. I'm looking for something VERY simple - anyone know of an "encrypting for dummies" article? If I encrypt the passwords in the database, would I have to do anything special in my ASP code? By the way, I can't use SSL on this server, if that makes a difference.

    Thanks.

  2. #2
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254
    RC-4 is the standard encrption logic, it has been while and pretty stable.

    Here is the link for using RC4 encrption.

    http://www.databasejournal.com/img/RC4_enhanced.sql

    Cryptology is a huge subject.

    Here is the link for how to have a secure system

    http://www-theory.dcs.st-and.ac.uk/~...tml/node4.html

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •