HowTo: Encrypt Passwords in a Database
Let's assume that you have a password-protected website and each user's password is
stored in unencrypted form in the database. That means that anyone who compromises your
database has access to the password of every user. This article explains how to
encrypt your passwords with ASPRunner/PHPRunner so that not even the database administrator
can determine a user's password.
MD5 is a one-way hashing algorithm. Two important properties of the MD5 algorithm are
that it is impossible to revert an encrypted output to the initial, plain-text input, and that
any given input always maps to the same encrypted value. This ensures that the passwords stored on
the server cannot be deciphered by anyone. This way, even if an attacker gains read permission on
the user table, it will do him no good.
Let's review the steps you need to follow to create a login page and enable password encryption.
1. Open your ASPRunner/PHPRunner project.
2. Proceed to the Security tab and switch on the Create login page checkbox.
3. Check the Username and password from database option and choose the appropriate fields. If you
   have no table in which all of the login details are stored, you have to create it.
4. Check the Encrypt passwords box on the User login setting dialog.
5. Build your ASPRunner/PHPRunner project.
Now, when a new user completes the registration form, his password will be encrypted automatically.
Do not add users through the Add page, because passwords entered there are not encrypted.
If you already have records in your users table, you can encrypt them using the following
scripts. To do so, place the ASPRunner/PHPRunner scripts in the Output directory and run them
in your browser.
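A conversion of this kind, sketched as an added example (it is not one of the ASPRunner/PHPRunner scripts the article refers to). It assumes a hypothetical users table with username and password columns, and that hashed passwords are stored as the 32-character hex digest returned by PHP's md5().

```php
<?php
// Added example; table and column names (users, username, password) are hypothetical.
function is_md5_hex(string $value): bool
{
    // PHP's md5() returns 32 lowercase hexadecimal characters.
    return preg_match('/^[0-9a-f]{32}$/', $value) === 1;
}

function hash_existing_passwords(PDO $db): int
{
    $rows = $db->query('SELECT id, password FROM users')->fetchAll(PDO::FETCH_ASSOC);
    $update = $db->prepare('UPDATE users SET password = :hash WHERE id = :id');
    $converted = 0;
    $db->beginTransaction();
    foreach ($rows as $row) {
        // Skip values that already look hashed, so a second run does not hash the
        // digest again. Limitation: a 32-hex-character plaintext is skipped too.
        if (is_md5_hex($row['password'])) {
            continue;
        }
        $update->execute([':hash' => md5($row['password']), ':id' => $row['id']]);
        $converted++;
    }
    $db->commit();
    return $converted;
}

function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    // Compare digests only; the plaintext password is never stored.
    return is_string($stored) && hash_equals($stored, md5($password));
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES
    ('alice', 'correct horse'), ('bob', 'correct horse'), ('carol', 'tr0ub4dor')");

printf("first run: %d converted\n", hash_existing_passwords($db));
printf("second run: %d converted\n", hash_existing_passwords($db));
var_dump(check_login($db, 'alice', 'correct horse'), check_login($db, 'alice', 'wrong'));
foreach ($db->query('SELECT username, password FROM users') as $r) {
    echo $r['username'], ' ', $r['password'], "\n";
}
```

In the final listing alice and bob share one digest because they share one password, which is the same-input, same-output property described above; a salted scheme such as PHP's password_hash() stores different values for them.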

Applies to:
ASPRunner Pro
PHPRunner