close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Password encryption

Thread began 10/04/2009 3:22 pm by Roxana | Last modified 10/06/2009 7:14 am by Roxana | 2091 views | 11 replies |

Roxana

Password encryption

I watched the interactive tutorial on how to encrypt the password on the log in page. The database field was supposed to match that encryption.

How do I encrypt the database field to match SHA1 encryption?

I am using PHP MyAdmin.

Sign in to reply to this post

David CHnet.com

No "encryption" needed in database

In your form you define the password field as being encrypted. That means that when the POST is made from the form the value typed in is immediately encrypted, then stored in the database as hex.

Therefore the database field only has to store characters - there is nothing special about the defintion of that field, it should be type "varchar" of 40 characters.

When the password is read for validation at login, the process is ...

- password entered by user as plain text
- it is then encrypted on POST
- the password is read from the value stored in the database (also encrypted)
- the two values are compared
- resulting action

Hope that helps and I hope I am right. I only dealt with all this myself for the first time yesterday, it wasn't easy, and I've been doing this stuff since the days of Noah. If you haven't found it, it is more than useful to download the sample tables where the table "visitors" shows you the table structure you need.

Sign in to reply to this post

David CHnet.com

Where to find SQL tables

Quoting myself in another thread -

"But I kept on seeing references to a database table "visitors" that was nowhere to be found. I found it today in My Account, My Downloads, Security Assist, Solution Recipe Support Files. Doh."

Hope that helps.

Sign in to reply to this post

Roxana

Not working

Thank you for your reply, David.

I looked at the visitor table, and there is nothing special about the password field. So I went ahead and encrypted the password field of the login page. I then tried to log in, and I was redirected to the accessDenied page. After removing the encryption from the password formfield, the login worked again. So there is something I need to do to the database password field to encrypte it.

This is, what was said in the tutorial: "Because the database value will be encrypted, the compareble formfield will also need to be encryted."

How do I encrypt the database value?

Sign in to reply to this post

David CHnet.com

Red herring

You don't, it's a Red Herring, I had the exact same problem yesterday.

- First delete the user record from your database
- On the register page make sure that Insert Record server behaviour saves the password field as encrypted
- register a new account
- have a look in the SQL tables and you should see a big long encrypted string in the password field
- On the login page make sure that the password field is set to use encryption
- Then try logging in with the new account

I must say, I had a lot of trouble with this myself, but it's all working as described now. You definately don't have to do anything special with the field definition of the password field in the table.

Sign in to reply to this post

Roxana

Hi David,

It makes sense what you say. However, in the Insert Record server behavior of my registration page there is no option to make the password field encrypted. After reregistering the password value in the database looks the same as before.

Sorry, but it is not working for me yet.

Sign in to reply to this post

David CHnet.com

Adding encryption to password field

- Open the insert page
- In the Applications panel double click on the "Insert Record (tablename)" server behaviour
- click next
- select the Password field
- click the lightning bolt next to the Value: box
- "Please select a server entity" box appears, select the password field
- below that set the format to "Encryption - SHA1"

Voila!
Hope that helps ...

Sign in to reply to this post

Jason ByrnesWebAssist

David's steps are correct, however there is one thing to clarify:


The registration page originally created by Security Assist uses the Dreamweaver Insert Record Server behavior.

In the Solution Recipe, you remove the Dreamweaver insert record server behavior and replace it with the data assist Insert Record Server behavior which allows you the ability to set the formation to SHA1 for the password when it is stored in the database.

Sign in to reply to this post

Roxana

Thank you! I have it now. The password displays like a long string of numbers and letters.

Do I have to do the same with the Profile page (replacing the dreamweaver behavior with the DataAssist behavior?

Sign in to reply to this post

Jason ByrnesWebAssist

On the Profile page, the ability to change the password is removed. it is moved to a separate page. You should review the Solution Recipe video for the complete steps.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...