
Methods to Protect Sensitive Data on a Web Site

If you are running a web application that uses MySQL, there is a good chance that it stores passwords or other sensitive information. Protecting this data from hackers or snoopers is an important concern: you cannot allow unauthorized persons to use or destroy your application, and you also need to preserve your competitive advantage. Fortunately, MySQL comes with many encryption functions designed to provide this type of security. This article outlines some of these functions and explains how to use them and the different levels of security they can provide.

   Two-way encryption

   Let us start with the simplest encryption: two-way encryption. Here, a piece of data is encrypted with a key and can only be decrypted by people who know the key. MySQL has two functions to support this type of encryption, called ENCODE() and DECODE(). Here is a simple example:

  mysql> INSERT INTO users (username, password) VALUES ('joe', ENCODE('guessme','abracadabra'));

  Query OK, 1 row affected (0.14 sec)

   Here, Joe's password is guessme, and it is encrypted with the key abracadabra. Note that the encrypted result is a binary string, as shown below:

  mysql> SELECT * FROM users WHERE username='joe';
  +----------+----------+
  | username | password |
  +----------+----------+
  | joe      | ?i??!?   |
  +----------+----------+
  1 row in set (0.02 sec)

  The key abracadabra is essential for restoring the original string. It must be passed to the DECODE() function to obtain the original, unencrypted password. Here is how to use it:

  mysql> SELECT DECODE(password,'abracadabra') FROM users WHERE username='joe';
  +--------------------------------+
  | DECODE(password,'abracadabra') |
  +--------------------------------+
  | guessme                        |
  +--------------------------------+
  1 row in set (0.00 sec)

  It should be easy to see how this works in a web application: when authenticating a user at login, DECODE() uses the website-specific key to unlock the password stored in the database, and the result is compared with what the user entered. Assuming you use PHP as your scripting language, you can query like this:

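  $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE username=? AND DECODE(password,'abracadabra')=?"); // $pdo: an open PDO connection (assumed)
  $stmt->execute([$inputUser, $inputPass]); // user input is bound as parameters, never interpolated into the SQL text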

   Tip: Although ENCODE() and DECODE() can meet most requirements, sometimes you want a stronger encryption method. In that case, you can use the AES_ENCRYPT() and AES_DECRYPT() functions, which work in the same way but with higher encryption strength.
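   The AES functions from the tip above, applied to the same login data, as an added example that is not from the original article. It goes beyond the tip by selecting CBC mode with a random initialization vector per row; the table name users_aes, the iv column and the column sizes are assumptions. ENCODE() and DECODE() were removed in MySQL 8.0.3, so on current servers the AES functions are the two-way option that remains.

```sql
-- Added example: assumes MySQL 5.6.17 or later (block_encryption_mode, RANDOM_BYTES).
-- The table name, column sizes and passphrase are illustrative assumptions.
CREATE TABLE users_aes (
  username VARCHAR(32)   NOT NULL PRIMARY KEY,
  iv       BINARY(16)    NOT NULL,  -- per-row initialization vector
  password VARBINARY(80) NOT NULL   -- binary ciphertext; 80 bytes holds up to 64 bytes of plaintext
);

-- The default mode, aes-128-ecb, ignores the IV, so select CBC explicitly.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Derive a 32-byte key from the site passphrase instead of passing the text directly.
SET @key = UNHEX(SHA2('abracadabra', 256));

-- Encrypt with a fresh random IV and store that IV next to the ciphertext.
SET @iv = RANDOM_BYTES(16);
INSERT INTO users_aes (username, iv, password)
VALUES ('joe', @iv, AES_ENCRYPT('guessme', @key, @iv));

-- Decrypt with the same key and the row's own IV.
-- AES_DECRYPT() returns a binary string, or NULL if the key or IV is wrong.
SELECT username,
       CAST(AES_DECRYPT(password, @key, iv) AS CHAR) AS plaintext
FROM users_aes
WHERE username = 'joe';
```

   As with DECODE(), anyone who obtains the key can recover every stored value, so the key should live outside the database.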

  One-way encryption

   One-way encryption is different from two-way encryption. Once data is encrypted, there is no way to reverse the process. Verifying a password therefore means re-encrypting the user's input and comparing it with the stored ciphertext to see whether they match. A simple one-way encryption method is the MD5 checksum. MySQL's MD5() function creates a "fingerprint" of your data that you can save for later verification. Here is a simple example of how to use it:

  mysql> INSERT INTO users (username, password) VALUES ('joe', MD5('guessme'));

  Query OK, 1 row affected (0.00 sec)

  mysql> SELECT * FROM users WHERE username='joe';
  +----------+----------------------------------+
  | username | password                         |
  +----------+----------------------------------+
  | joe      | 81a58e89df1f34c5487568e17327a219 |
  +----------+----------------------------------+
  1 row in set (0.02 sec)

   Now you can test whether what the user entered matches the saved password by computing the MD5 checksum of the entered password and comparing it with the saved value, like this:

  mysql> SELECT COUNT(*) FROM users WHERE username='joe' AND password=MD5('guessme');
  +----------+
  | COUNT(*) |
  +----------+
  |        1 |
  +----------+
  1 row in set (0.00 sec)

   Alternatively, consider using the ENCRYPT() function, which uses the underlying crypt() system call to perform the encryption. This function takes two parameters: the string to be encrypted, and a "salt" of two (or more) characters. It then encrypts the string with the salt; the same salt can then be used to re-encrypt the user input and compare it with the previously encrypted string. The following example shows how to use it:

  mysql> INSERT INTO users (username, password) VALUES ('joe', ENCRYPT('guessme','ab'));

  Query OK, 1 row affected (0.00 sec)

  mysql> SELECT * FROM users WHERE username='joe';
  +----------+---------------+
  | username | password      |
  +----------+---------------+
  | joe      | ab/G8gtZdMwak |
  +----------+---------------+
  1 row in set (0.00 sec)

  The result can then be checked against the user's input:

  mysql> SELECT COUNT(*) FROM users WHERE username='joe' AND password=ENCRYPT('guessme','ab');
  +----------+
  | COUNT(*) |
  +----------+
  |        1 |
  +----------+
  1 row in set (0.00 sec)

   Tip: ENCRYPT() can only be used on *NIX systems, because it needs to use the underlying crypt() library.
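   The salt mechanism described above, extended from one fixed salt ('ab') to a random salt per row, as an added example that is not from the original article. SHA2() stands in for ENCRYPT(), which is unavailable on Windows and was removed in MySQL 8.0.3; the table users_salted, its columns and the second user are assumptions. SHA-256 is a fast hash, so this shows how a salt is stored and reused, while a dedicated password-hashing function in the application remains the stronger choice.

```sql
-- Added example: assumes MySQL 5.6.17 or later for RANDOM_BYTES().
-- Table name, column sizes and the user 'ann' are illustrative assumptions.
CREATE TABLE users_salted (
  username VARCHAR(32) NOT NULL PRIMARY KEY,
  salt     BINARY(16)  NOT NULL,  -- random, different for every row
  password CHAR(64)    NOT NULL   -- hex SHA-256 of the salt followed by the password
);

-- Two users choose the same password; each row gets its own fresh salt.
SET @salt = RANDOM_BYTES(16);
INSERT INTO users_salted (username, salt, password)
VALUES ('joe', @salt, SHA2(CONCAT(@salt, 'guessme'), 256));

SET @salt = RANDOM_BYTES(16);
INSERT INTO users_salted (username, salt, password)
VALUES ('ann', @salt, SHA2(CONCAT(@salt, 'guessme'), 256));

-- The stored digests differ although the passwords are identical, so one
-- precomputed fingerprint no longer matches every account with that password.
SELECT username, HEX(salt) AS salt_hex, password FROM users_salted;

-- Verification re-hashes the input with the salt stored in that user's row.
SELECT COUNT(*) FROM users_salted
WHERE username = 'joe'
  AND password = SHA2(CONCAT(salt, 'guessme'), 256);
```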
