It's all well and good for data matching (just hash the input and see if it matches), but what if you ever need to decrypt those hashes. Say your storing users' sensitive data (credit cards, ssn's, etc) your going to need the ability to view that information, yet you need to protect your users. The only solution is two way encryption. You encrypt the data before it is entered into the database, that way if there's ever unauthorized access or theft, your users' sensitive data is not in plain text. Now, unlike hashing, you have the ability to decrypt that data whenever you want. The MySQL functions: AES_ENCRYPT, and AES_DECRYPT How to use these functions in your apps?: INSERT INTO users (user, pass) VALUES ('$username', AES_ENCRYPT('$pass', 'secret encryption key')); and decrypt SELECT user, AES_DECRYPT(pass, 'secret encryption key') FROM users Pretty simple stuff. DES encryption is also available when MySQL is configured with SSL support. Read more about encryption using MySQL at: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html
|
||||||
|
© 2006 Matt Linardy top |
||||||
