close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

adding encryption to login password box

Thread began 4/09/2010 1:41 pm by mr hankey | Last modified 8/13/2010 4:44 pm by Jason Byrnes | 2726 views | 23 replies |

mr hankey

adding encryption to login password box

hi,

i have generated my login page with security assist with a remember me option.

when i open my login page in DW and trying click on the password box and go to bindings to add encryption SHA1 it applies it to the cookies password, i cannot seem to click away from that and because of this when someone goes to the login page and ticks the remember me option then goes away and tries to login again it puts wont allow them to login takes them to the email password page as it has added more masked characters to the login password box.

can anyone help please?

many thanks

Sign in to reply to this post

Eric Mittman

You should be editing your authenticate user server behavior for the posted login info and apply the formatting to the posted password element. If you have any further trouble with this post back with your login page so we can take a look at the issue.

Sign in to reply to this post

mr hankey

thanks eric, when i open the authenticate server behaviour it opnes a 3 stage wizard.

1st is the table and redirect pages.
2nd then shows me the columns to authenticate, when i click the dynamic lightning bolt i have the WACookies then below i have the WA login form, i assumed i clicked the userpassword filed in my login box, click format and choose sha1 encryption.

i done this and uploaded and it redirected me to my email password box.

when i take this out, it then works again.

can you advise?

many thanks

Sign in to reply to this post

Eric Mittman

So you can have users login so long as you are not formatting the password with the sha1 correct?

This means that you are not storing the password encrypted in the db. You must have an encrypted password in your db for that user in order to use this functionality when logging in.

It is only when you store an encrypted password that you need to format the user's entered password with sha1. If you are not storing the password in sha1 format then you should not format the user's password when they are logging in.

Sign in to reply to this post

mr hankey

thanks eric, i now see what i need to do.

if i want to use encryption on login but have existing users and will be registering the users manually via mysql database how can i set the password to match the encrypted?

can it be done and do you need to use the encryption?

many thanks

Sign in to reply to this post

Eric Mittman

If you are using encryption on login it means that you are storing the passwords in an encrypted format in your db. If the passwords that exist are not stored like this then there is no need to have an encrypted login.

To make the login work with encryption you will first need to update your registration process so that you are inserted the encrypted version of the password for the user. If you have existing users you will need to make sure that you update the passwords that are in your db to be the sha1 encrypted version of that password.

If you register the user's yourself you could just update your registration page and re-register the existing users, this should get them to have an encrypted password in the db.

Sign in to reply to this post

mr hankey

thanks eric, i register users myself straight into the database, so maybe i will create a form and do it from there so it is encrypted.

other than that is there a way to show the encrypted version of a password?

maybe an online site converter?

also one last thing if you dont mind, is it best to use sha1?

is it an issue not to use any encryption?

many thanks

Sign in to reply to this post

Eric Mittman

I'm not sure that I understand what is being asked here:

  other than that is there a way to show the encrypted version of a password?  



If you would like to see an encrypted version of any value you can output it with php like this:

php:
<?php print(sha1("the value to show as encrypted")); ?>



There are other methods of hashing a value that do not rely on sha1. It will create a hash value for you, but how safe it is depends on who you ask. I think in general it would be fine for most instances, but there are others out there that might produce a larger harder to crack hash. You should be able to find out more about them by searching the php site.

Sign in to reply to this post

mr hankey

Thanks Eric for your help with this, having trouble though maybe you can help.

I create a Users_Update page by creating a recordset which filters on session variable = UserID

When i add in the update record it updates all the information correctly. I then added the encryption SHA1 onto the text fields "Password and Confirm Password" boxes i created well what i thought i had done however it was not that, it was in the bindings panel of my recordset that it changed it to encryption SHA1. Not sure if this is the right way to do it Eric, as it encrypts the value that is currently in the box but when i insert a new password it goes into the database the way i key it in. How should it store the password in the database, encrypted or not? How do i add it to encrypt the password when updated and inserted and not the actual value that i have in the update page?

Thanks eric again for your help and sorry if this is a simple fix.

Sign in to reply to this post

Eric Mittman

On any page that is adding the password to the db you will need to encrypt the value when it is being inserted. So in an insert server behavior you would apply the sha1 to the value that you are setting for the password column. This is the same for any page that sets the password in the db, you format it within the insert or update server behavior.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...