Password encryption
I watched the interactive tutorial on how to encrypt the password on the log in page. The database field was supposed to match that encryption.
How do I encrypt the database field to match SHA1 encryption?
I am using phpMyAdmin.
In your form you define the password field as being encrypted. That means that when the POST is made from the form the value typed in is immediately encrypted, then stored in the database as hex.
Therefore the database field only has to store characters - there is nothing special about the definition of that field, it should be type "varchar" of 40 characters.
When the password is read for validation at login, the process is ...
- password entered by user as plain text
- it is then encrypted on POST
- the password is read from the value stored in the database (also encrypted)
- the two values are compared
- resulting action
Hope that helps and I hope I am right. I only dealt with all this myself for the first time yesterday, it wasn't easy, and I've been doing this stuff since the days of Noah. If you haven't found it, it is more than useful to download the sample tables where the table "visitors" shows you the table structure you need.
Quoting myself in another thread -
"But I kept on seeing references to a database table "visitors" that was nowhere to be found. I found it today in My Account, My Downloads, Security Assist, Solution Recipe Support Files. Doh."
Hope that helps.
Thank you for your reply, David.
I looked at the visitor table, and there is nothing special about the password field. So I went ahead and encrypted the password field of the login page. I then tried to log in, and I was redirected to the accessDenied page. After removing the encryption from the password formfield, the login worked again. So there is something I need to do to the database password field to encrypt it.
This is what was said in the tutorial: "Because the database value will be encrypted, the comparable formfield will also need to be encrypted."
How do I encrypt the database value?
You don't, it's a Red Herring, I had the exact same problem yesterday.
- First delete the user record from your database
- On the register page make sure that Insert Record server behaviour saves the password field as encrypted
- register a new account
- have a look in the SQL tables and you should see a big long encrypted string in the password field
- On the login page make sure that the password field is set to use encryption
- Then try logging in with the new account
I must say, I had a lot of trouble with this myself, but it's all working as described now. You definitely don't have to do anything special with the field definition of the password field in the table.
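The mismatch behind the accessDenied redirect, as an added example that is not part of the thread or of WebAssist's code. It assumes a PHP site; the function names and the sample password are hypothetical. It also shows PHP's `password_hash()` / `password_verify()`, which salt every hash, beside the unsalted SHA1 format the thread configures.

```php
<?php
// Added example: names are hypothetical, sample data is constructed.

// Stand-in for a form value formatted as "Encryption - SHA1":
// sha1() returns 40 lowercase hex characters, hence varchar(40).
function sha1_format(string $plain): string
{
    return sha1($plain);
}

// Login check as described in the thread: hash the posted value,
// then compare it with whatever is stored in the password column.
function login_matches(string $posted, string $stored): bool
{
    return hash_equals($stored, sha1_format($posted));
}

$password = 'correct horse battery'; // constructed sample

// Case 1: row created before the register page hashed the password,
// so the column still holds the plain text.
$storedBefore = $password;

// Case 2: row deleted and re-registered with the insert set to SHA1.
$storedAfter = sha1_format($password);

echo "stored length after re-registering: ", strlen($storedAfter), "\n";
echo "hashed login vs plain-text row:     ";
var_dump(login_matches($password, $storedBefore));
echo "hashed login vs SHA1 row:           ";
var_dump(login_matches($password, $storedAfter));

// Two users with the same password get the same unsalted SHA1 value.
echo "same SHA1 for identical passwords:  ";
var_dump(sha1_format($password) === $storedAfter);

// Salted alternative built into PHP. The stored string is longer than
// 40 characters, so the column must be wider (PHP's manual suggests 255).
$saltedA = password_hash($password, PASSWORD_DEFAULT);
$saltedB = password_hash($password, PASSWORD_DEFAULT);
echo "salted hash length:                 ", strlen($saltedA), "\n";
echo "same salted hash for same password: ";
var_dump($saltedA === $saltedB);
echo "password_verify on salted hash:     ";
var_dump(password_verify($password, $saltedA));
```

Existing plain-text rows cannot be matched by a hashed login field, which is why the thread's fix starts by deleting the old user record and registering again.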
Hi David,
It makes sense what you say. However, in the Insert Record server behavior of my registration page there is no option to make the password field encrypted. After reregistering the password value in the database looks the same as before.
Sorry, but it is not working for me yet.
- Open the insert page
- In the Applications panel double click on the "Insert Record (tablename)" server behaviour
- click next
- select the Password field
- click the lightning bolt next to the Value: box
- "Please select a server entity" box appears, select the password field
- below that set the format to "Encryption - SHA1"
Voila!
Hope that helps ...
David's steps are correct, however there is one thing to clarify:
The registration page originally created by Security Assist uses the Dreamweaver Insert Record Server behavior.
In the Solution Recipe, you remove the Dreamweaver Insert Record server behavior and replace it with the DataAssist Insert Record server behavior, which allows you the ability to set the format to SHA1 for the password when it is stored in the database.
Thank you! I have it now. The password displays like a long string of numbers and letters.
Do I have to do the same with the Profile page (replacing the Dreamweaver behavior with the DataAssist behavior)?
On the Profile page, the ability to change the password is removed. It is moved to a separate page. You should review the Solution Recipe video for the complete steps.