Markie
Posts: 251
Posted: 01/19/2009, 7:23 AM
Today I decided to use MD5 hashed passwords for my members table. It's working great with CCS 4. But a few moments ago I did a test with Wireshark (network sniffer) and I could still see the passwords in the intercepted network packages. Is this normal?
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL
jjrjr1
Posts: 942
Posted: 01/19/2009, 8:02 AM
Markie.
It is probably normal for the PWs to travel the line in the clear without any client-side encryption such as SSL, since the encryption in the application you described is handled at the server for in / out to the DB tables.
Example: On the client's browser the user enters a password. Without any client-side encryption such as SSL, the data is just sent on the line to the host. Then the host application encrypts/decrypts as needed to validate passwords against the DB.
Maybe install an SSL cert on your host.
Have fun.
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
datadoit
Posted: 01/19/2009, 8:09 AM
That is absolutely correct. ALL web security starts with valid SSL
encryption for the connection channel between host and client.
Google for JavaScript scripts that will hash your field entry prior to
submitting the form for an extra layer of security. It's not
uncrackable, but usually will be enough of a headache to thwart the
crooks of the world.
jjrjr1
Posts: 942
Posted: 01/19/2009, 8:56 AM
Good point.
If you do not want to install SSL, you can do as datadoit suggests.
Encrypt on the client side before submitting the form using a JavaScript function.
However, you will need to have a partner decryption function at your host to decrypt it unless you find a JavaScript MD5 encryption routine that matches the MySQL application.
Again, as he said, this does not necessarily make it un-crackable.
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
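The two options discussed above (server-side MD5 only, and MD5 computed in the browser before submit), shown as the login body an observer of a plain HTTP connection would see. This is an added example, not code from any poster in the thread; the field names, the user and the password are constructed sample values. It shows why browser-side hashing does not replace SSL: the hash on the wire is the same value the server compares against.

```javascript
// Added example, not code from the thread. The field names, the user "markie"
// and the password are constructed sample values.
const crypto = require("crypto");

const md5hex = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Members table as described in the thread: login -> MD5(password).
const MEMBERS = new Map([["markie", md5hex("tulips2009")]]);

// Login POST body as it would appear in a capture of plain HTTP.
function loginBody(login, password, hashInBrowser) {
  const value = hashInBrowser ? md5hex(password) : password;
  return new URLSearchParams({ login, password: value }).toString();
}

// Server-side check. When the browser already hashed the field, the server
// can only compare the received value with the stored hash as-is.
function serverAccepts(body, hashInBrowser) {
  const form = new URLSearchParams(body);
  const stored = MEMBERS.get(form.get("login") ?? "");
  if (stored === undefined) return false;
  const received = form.get("password") ?? "";
  const a = Buffer.from(hashInBrowser ? received : md5hex(received));
  const b = Buffer.from(stored);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// What an observer of the unencrypted connection sees in each mode.
function wireReport(login, password) {
  const plain = loginBody(login, password, false);
  const hashed = loginBody(login, password, true);
  const hashedField = new URLSearchParams(hashed).get("password");
  return {
    plain,
    hashed,
    plainShowsPassword: plain.includes(password),
    hashedShowsPassword: hashed.includes(password),
    // The hashed field is exactly the database value, and the server accepts
    // the body on that value alone: the hash has become the credential.
    hashedFieldIsDbValue: hashedField === MEMBERS.get(login),
    hashedBodyAccepted: serverAccepts(hashed, true),
  };
}

console.log(wireReport("markie", "tulips2009"));
```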
Markie
Posts: 251
Posted: 01/19/2009, 9:32 AM
Well, I always wanted to start using SSL and now is a good moment!
Thanks for helping me.
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL