close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Encrypting Customer Data

Thread began 2/11/2013 1:11 pm by jason363662 | Last modified 7/25/2014 11:53 am by Jason Byrnes | 1009 views | 9 replies |

jason363662

Encrypting Customer Data

I understand how to use security assist to encrypt password information created during the sign-up process but I'm wondering if I can use SA's built-in encryption tools to encrypt other data stored to my database. For example, my users will be able to keep a contact/customer list on my site - I would like to encrypt all related data. Can I use SA to help me do this? Thanks!

Sign in to reply to this post

Jason ByrnesWebAssist

be aware that data encryption is one way, meaning once encrypted the data cannot be decrypted. It is not intended to encrypt and decrypt the data.

so if you encrypted the first name for example, you would not be able to display the unencrypted first name on the page.

Sign in to reply to this post

jason363662

Are you sure?

If your plugin only handles encryption, how is it that when I use your password recovery utility the system sends me my username and password (now decrypted) via email?

I understand if it's not possible to use SA for encrypting/decrypting other data, but this might be a feature you should consider adding. I imagine many of your users would benefit by being able to secure db information outside of just the login process.

Thanks, you guys are the best!

Sign in to reply to this post

Jason ByrnesWebAssist

in security assist 2, the forgot password sends the user to a page to reset their password,

in security assist 1, you could create a forgot password page that would create a new random password, send that password in the email, then encrypt it and store the new random password in the database, it was decrypting what was already there, it was creating a new one, and sending that.

Sign in to reply to this post

jason363662

Am I doing someting wrong?

I'm assuming I have SA2 - I have the latest SuperSuite running on DW CS6. I show Ecart 5.0.6 and databridge 1.0.3 (not sure which contains SA)

I've run through the whole process - create new username & pw, login, logout, request pw. The system emails me the following:

Password Information

Your username and password were requested from our website. They have been recovered and are listed below:

Username: j*****m
Password: testpass1


(I asterisked my username - the system sent it in full)

I can see that the password is being stored in the database hashed as requested, but it definitely seems like it's being decrypted and sent back to me.

Am I being obtuse? I don't mind it working this way - I just want to make sure my passwords are securely encrypted.

Sign in to reply to this post

Jason ByrnesWebAssist

if it is emailing you the password, you are not using encryption.

if you where using encryption, the forgot password page would send a link for you to reset the password.

only if the password is not encrypted will it send an email with the password, because the password cannot be decrypted.

Sign in to reply to this post

jason363662

Are You Sure? Are you really, really sure?

Something isn't jiving - digging a little deeper I found that I can format uploads through databridge to encrypt using several different formats and that I can then format on the recordset binding to show the data decrypted (see attached).

This is working to do exactly what I wanted to do and asked in my original question, that is, encrypt user entered data and decrypt when I need to display it.

I can see the data in my MySql database, and it is definitely encrypted.

In other words, it seems that I can indeed use Security Assist to encrypt and decrypt data.

I feel like I've been on a bit of a wild-goose chase in this thread with you insisting that I can't use SA to accomplish what I was hoping and then having to discover on my own that I can.

Or maybe we have a fundamental miscommunication happening somewhere.

Sign in to reply to this post

Jason ByrnesWebAssist

I stand corrected, the HASH and RIJENDL encryption types are capable of being decrypted, these are very uncommonly used however,

the other encryption types which are more commonly used, especially for password encryption, are one way encryption types that are not able to be decrypted.

Sign in to reply to this post

Art

Jason, by "one way" you mean it can still be tested and matched (in the case of a password), it just can't be decrypted and displayed again. Is that correct?

Sign in to reply to this post

Jason ByrnesWebAssist

yes, you can still test the password entered by the password in the database by encrypting the entered password,

"One Way" encryption means it cannot be decrypted

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...