dcls14352
Posts: 4
|
| Posted: 11/21/2012, 4:25 AM |
|
What is the best my to encrypt passwords when using a custom insert? I have tried a few things but none of them work.
|
 |
 |
Lucius
Posts: 220
|
| Posted: 11/21/2012, 11:06 AM |
|
Hi,
There are 2 main, separate things here you need to consider:
- how you store your passwords in your DB
- how you send your passwords from client browser to your server
This is a broad subject, I would suggest you read some materials about this, widely available on the web.
But to answer your question from my point of view, to have a well secured login you need:
- SSL with strong key for https protocol
- bcrypt for your password hashing in the DB
On how to implement DB password encryption in CCS please read CCS help file topic "Implementing password encryption", start with simple MD5 encryption and when you get that move to bcrypt (MD5 is a weak protection nowadays).
Also the help file states that plain-text is low security and two-way password encryption is medium security - those methods are currently "no security" actually.
One way password encryption is considered high-security only when you use good hashing function (like mentioned above weak MD5 vs good bcrypt)
|
|
|
|
MichaelMcDonald
Posts: 640
|
| Posted: 11/21/2012, 6:52 PM |
|
Maybe something in the before insert event like this:
$password = CCGetParam("password");
$password = (md5($password));
untried, let me know how it goes....
_________________
Central Coast, NSW, Australia.
|
|
|
|
dcls14352
Posts: 4
|
| Posted: 11/23/2012, 7:48 AM |
|
Thanks for the help. The problem occured when I tried to insert a new user using a Custom Insert instead of the standard insert. I solved the problem by attaching the following PHP code:
$password = CCEncryptPasswordDB($Component->DataSource->password1->GetValue());
$Component->DataSource->cp["password"]->SetValue($password);
To the Before Build Insert event.
|
|
|
|
dcls14352
Posts: 4
|
| Posted: 11/23/2012, 7:48 AM |
|
Thanks for the help. The problem occured when I tried to insert a new user using a Custom Insert instead of the standard insert. I solved the problem by attaching the following PHP code:
$password = CCEncryptPasswordDB($Component->DataSource->password1->GetValue());
$Component->DataSource->cp["password"]->SetValue($password);
To the Before Build Insert event.
|
|
|
|
