CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: General Discussions: Internet Security:
Encrypt or not?



Feb 10, 2002, 7:42 AM

Post #1 of 3 (50701 views)
Encrypt or not? Can't Post

I run a website which uses usernames/passwords to be able to get to the members areas. Right now, when a new user signs up, they fill in a form and all their information is saved to a straight text file in a protected directory. I am about to create a page so that a user may retrieve a lost password.

I have been reading some of the posts in this thread and most everyone is using some sort of password encryption. I am not and was wondering what the consequences are. Keep in mind that the text files are in a protected directory. The reason I avoided the password encryption was because I wanted to be able to automate the lost password retrieval and did not know how to decrypt the encrypted passwords.

Any suggestions?


Feb 13, 2002, 2:09 PM

Post #2 of 3 (50678 views)
Re: [Jeffro_Tull] Encrypt or not? [In reply to] Can't Post

Unless you are using a custom encryption algorithm, it is pretty much imposible to decrypt anything encrypted with the standard unix crypt() function. What I suggest doing is to go ahead and encrypt the password. When a user loses his/her password, you can reset it to a temporary random string and send it to the user via email. Once the user is logged in, they may change it to whatever they want.

(also pm'd you this message by accident...)
FuzzyLogic at PerlMad dot com

(This post was edited by PerlKid on Feb 25, 2002, 11:20 PM)


Feb 23, 2002, 2:16 AM

Post #3 of 3 (50666 views)
Re: [PerlKid] Encrypt or not? [In reply to] Can't Post

Yep. Here are even some more details (using a sample console program)

print "Please enter your password: ";
chomp(my $password) = <STDIN>; # Enter a password

my $crypted = crypt($password, 'rx'); # rx is just a random key.
print "crypted password: $crypted\n";

## Now, append this code to see a password check in action:

print "\nNow, let's check passwords\nPlease enter your password: ";
chomp(my $entered = <STDIN>);

if( crypt($entered, $crypted) eq $crypted) {
print "Password is OK\n";
else {
print "Wrong password!\n";

Does this forum only accept one perl code tag?? I couldn't split these two?

Yet Another Perl Programmer

~~> [url=] <~~
More then 3500 X-Forum [url=]Downloads! Cool

(This post was edited by yapp on Feb 23, 2002, 2:19 AM)


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives