Francisco3945
Posts: 28
|
Posted: 02/03/2017, 7:42 AM |
|
Someone would have an example of how to use the security of the codecharge with the md5 encryption option
|
|
|
eratech
Posts: 513
|
Posted: 02/11/2017, 11:33 PM |
|
@Francisco3945 - Don't use MD5.
It is unsafe and has been for over 15 years (despite what the CCS Manual says).
If you want a quick method of increasing the password encryption without adding extra libraries (like phpass and bcrypt) I suggest using the CCS Password feature and using a different encryption algorithm.
In the project settings under Security > Advanced Security > tick Encrypt Database using > tick Code Expression and put in something like this:
hash('sha256','d4DF44%$'.{password})
but CHANGE the string "d4DF44%$" to any other random string of 4-8 alphanumeric characters.
This will encrypt all the passwords in your database (oh and change the length of the password field to varchar(64) at least) in a similar (but unique to your project) encryption. Don't use MD5.
Pros: It is quick and built in, and can be understood fairly quickly, and you change the 'random string' for each project. No installation of external libraries.
Cons: not 'best practice' and not unique encryption for each person.
If you do 1 little thing to make your passwords more secure, try that. Also check out 'whirlpool' and other encryption functions build into PHP. Don't use MD5.
Cheers
Eric
Don't use MD5.
_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia |
|
|
Francisco3945
Posts: 28
|
Posted: 02/15/2017, 3:36 AM |
|
thank you
|
|
|
|