numero = 41968
interpreted = N
texte = If you encrypt with a seed... ... you can decrypt with the same seed ... you cannot compare the encrypted value, as the encryption scheme will create different encrypted strings representing the same original value ... you can compare if you decrypt first then compare the decrypted valueIf you encrypt without a seed... ... you cannot decrypt the encrypted string ... you can compare the encrypted data, as the encryption scheme ensures that the same encrypted value is created every time you encrypt the same source stringWebDNA's users.db uses encryption without a seed, so you can compare encrypted passwords but can never see their decrypted form.- brian At 5:43 PM 7/26/02, Lester Emo wrote: >Aha >If I just use [encrypt] can I still do comparisons etc like I'm >trying to do??? > >If I can't . . .how can I protect a password using webcats internal >authentication . . . or can I ?? > > >It all was working fine until I starting to insert encryp stuff . . . . > > > > >At 10:36 AM 7/27/02, you wrote: >>Lester, you cannot encrypt with a seed when you are using WebCats internal >>authentication.you just need to use just [encrypt], the downside is >>you cannot decrypt it. >> >>Alain >> >>> I'm stymied. >>> Why won't these procedures authenticate a password encrypted and >>> written to a database? >>> >>> >>> Following a procedure outlined by Ken I came across in the archives . . >>> . >>> >> > I copied the users.db database and renamed it members.db >>> I copied MultiGroupChecker and renamed it MemberChecker >>> Placed both of the new files in the same folder as pages I want to >>> protect >>> >>> >>> I use this to write a username/password combo into a database. >>> >>> [append >>> db=members.db]user=[uppercase][user][/uppercase]&pass=[url][url][encrypt >>> >>> >>>seed=1234][uppercase][pass][/uppercase][/encrypt][/url][/url]&groups=e-info[/append]> >>> >>> On top of pages to protect I have: >>> [include file=MemberChecker&groups=e-info] >>> >>> In my MemberChecker I have the following: >>> >>> [!] check for user in members.db[/!] >>> [showif NotFound=[lookup >>> >>>db=members.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=user¬Found=NotFound]] >>> [authenticate Bad User] >>> [/showif] >>> >>> [!] Check password of user in members.db[/!] >>> [showif [uppercase][password][/uppercase]![lookup >>> >>>db=members.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=[decrypt >>> >>> seed=1234][unurl][unurl]pass[/unurl][/unurl][/decrypt]¬Found=NotFound] >>> [authenticate Bad Password] >>> [/showif] >>> >>> >>> >>> To make sure I was encrypting and decrypting the password properly I >>> made another page with the following: >>> >>> >>> [text]public=Ginny+me^$1234[/text] >>> >>> [text]private=[url][url][encrypt >>> seed=1234][uppercase][public][/uppercase][/encrypt][/url][/url][/text] >>> >>> [text]resurrection=[decrypt >>> seed=1234][unurl][unurl][private][/unurl][/unurl][/decrypt][/text] >>> >>> public=[public]
>>> private=[private]
>>> resurrection=[resurrection]
>>> >>> All went well with the above test code . . . >>> >>> . . . >>> >>> I just can't get my procedures to work with authenticate . . . . >>> All stops at Bad Password >>> >>> >>> >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >> > the mailing list . >> > To unsubscribe, E-mail to: >> > To switch to the DIGEST mode, E-mail to >>> Web Archive of this list is >>> at: http://search.smithmicro.com/ >> >> >>-- >>Alain Russell >>Blackpepper Interactive >>alain.russell@blackpepper.co.nz >>ph. 09 520 6280 >> >> >> >>------------------------------------------------------------- >>This message is sent to you because you are subscribed to >> the mailing list . >>To unsubscribe, E-mail to: >>To switch to the DIGEST mode, E-mail to >> >>Web Archive of this list is at: http://search.smithmicro.com/ > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Re: encrypt/decrypt password with authenticate (Brian Fries 2002)
If you encrypt with a seed... ... you can decrypt with the same seed ... you cannot compare the encrypted value, as the encryption scheme will create different encrypted strings representing the same original value ... you can compare if you decrypt first then compare the decrypted valueIf you encrypt without a seed... ... you cannot decrypt the encrypted string ... you can compare the encrypted data, as the encryption scheme ensures that the same encrypted value is created every time you encrypt the same source stringWebDNA's users.db uses encryption without a seed, so you can compare encrypted passwords but can never see their decrypted form.- brian At 5:43 PM 7/26/02, Lester Emo wrote: >Aha >If I just use [encrypt] can I still do comparisons etc like I'm >trying to do??? > >If I can't . . .how can I protect a password using webcats internal >authentication . . . or can I ?? > > >It all was working fine until I starting to insert encryp stuff . . . . > > > > >At 10:36 AM 7/27/02, you wrote: >>Lester, you cannot encrypt with a seed when you are using WebCats internal >>authentication.you just need to use just [encrypt], the downside is >>you cannot decrypt it. >> >>Alain >> >>> I'm stymied. >>> Why won't these procedures authenticate a password encrypted and >>> written to a database? >>> >>> >>> Following a procedure outlined by Ken I came across in the archives . . >>> . >>> >> > I copied the users.db database and renamed it members.db >>> I copied MultiGroupChecker and renamed it MemberChecker >>> Placed both of the new files in the same folder as pages I want to >>> protect >>> >>> >>> I use this to write a username/password combo into a database. >>> >>> [append >>> db=members.db]user=[uppercase][user][/uppercase]&pass=[url][url][encrypt >>> >>> >>>seed=1234][uppercase][pass][/uppercase][/encrypt][/url][/url]&groups=e-info[/append]> >>> >>> On top of pages to protect I have: >>> [include file=MemberChecker&groups=e-info] >>> >>> In my MemberChecker I have the following: >>> >>> [!] check for user in members.db[/!] >>> [showif NotFound=[lookup >>> >>>db=members.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=user¬Found=NotFound]] >>> [authenticate Bad User] >>> [/showif] >>> >>> [!] Check password of user in members.db[/!] >>> [showif [uppercase][password][/uppercase]![lookup >>> >>>db=members.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=[decrypt >>> >>> seed=1234][unurl][unurl]pass[/unurl][/unurl][/decrypt]¬Found=NotFound] >>> [authenticate Bad Password] >>> [/showif] >>> >>> >>> >>> To make sure I was encrypting and decrypting the password properly I >>> made another page with the following: >>> >>> >>> [text]public=Ginny+me^$1234[/text] >>> >>> [text]private=[url][url][encrypt >>> seed=1234][uppercase][public][/uppercase][/encrypt][/url][/url][/text] >>> >>> [text]resurrection=[decrypt >>> seed=1234][unurl][unurl][private][/unurl][/unurl][/decrypt][/text] >>> >>> public=[public]
>>> private=[private]
>>> resurrection=[resurrection]
>>> >>> All went well with the above test code . . . >>> >>> . . . >>> >>> I just can't get my procedures to work with authenticate . . . . >>> All stops at Bad Password >>> >>> >>> >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >> > the mailing list . >> > To unsubscribe, E-mail to: >> > To switch to the DIGEST mode, E-mail to >>> Web Archive of this list is >>> at: http://search.smithmicro.com/ >> >> >>-- >>Alain Russell >>Blackpepper Interactive >>alain.russell@blackpepper.co.nz >>ph. 09 520 6280 >> >> >> >>------------------------------------------------------------- >>This message is sent to you because you are subscribed to >> the mailing list . >>To unsubscribe, E-mail to: >>To switch to the DIGEST mode, E-mail to >> >>Web Archive of this list is at: http://search.smithmicro.com/ > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Brian Fries
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...