CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: General Discussions: Internet Security:
Encrypt or not?

 



Jeffro_Tull
Novice

Feb 10, 2002, 7:42 AM

Post #1 of 3 (28030 views)
Encrypt or not? Can't Post

I run a website which uses usernames/passwords to be able to get to the members areas. Right now, when a new user signs up, they fill in a form and all their information is saved to a straight text file in a protected directory. I am about to create a page so that a user may retrieve a lost password.

I have been reading some of the posts in this thread and most everyone is using some sort of password encryption. I am not and was wondering what the consequences are. Keep in mind that the text files are in a protected directory. The reason I avoided the password encryption was because I wanted to be able to automate the lost password retrieval and did not know how to decrypt the encrypted passwords.

Any suggestions?


PerlKid
stranger

Feb 13, 2002, 2:09 PM

Post #2 of 3 (28007 views)
Re: [Jeffro_Tull] Encrypt or not? [In reply to] Can't Post

Unless you are using a custom encryption algorithm, it is pretty much imposible to decrypt anything encrypted with the standard unix crypt() function. What I suggest doing is to go ahead and encrypt the password. When a user loses his/her password, you can reset it to a temporary random string and send it to the user via email. Once the user is logged in, they may change it to whatever they want.

(also pm'd you this message by accident...)
--Philip
FuzzyLogic at PerlMad dot com

(This post was edited by PerlKid on Feb 25, 2002, 11:20 PM)


yapp
User

Feb 23, 2002, 2:16 AM

Post #3 of 3 (27995 views)
Re: [PerlKid] Encrypt or not? [In reply to] Can't Post

Yep. Here are even some more details (using a sample console program)

[perl]
print "Please enter your password: ";
chomp(my $password) = <STDIN>; # Enter a password

my $crypted = crypt($password, 'rx'); # rx is just a random key.
print "crypted password: $crypted\n";



## Now, append this code to see a password check in action:


print "\nNow, let's check passwords\nPlease enter your password: ";
chomp(my $entered = <STDIN>);

if( crypt($entered, $crypted) eq $crypted) {
print "Password is OK\n";
}
else {
print "Wrong password!\n";
}
[/perl]

Does this forum only accept one perl code tag?? I couldn't split these two?

Yet Another Perl Programmer

_________________________________
~~> [url=http://www.codingdomain.com]www.codingdomain.com <~~
More then 3500 X-Forum [url=http://www.codingdomain.com/cgi-perl/downloads/x-forum]Downloads! Cool

(This post was edited by yapp on Feb 23, 2002, 2:19 AM)

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives