Re: [WebDNA] Encrypted password issue
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 103201
interpreted = N
texte = Kenneth Grome wrote:> I should be able to login when I encrypt a password with a > seed value in the database, right?> > I must be doing something wrong because I'm not able to > login. I encrypt the password like this when a new user > enters it into the register form:> > [append db=xxx.db]pass=[url][encrypt seed=xxx][pass]> [/encrypt][/url][/append]> > And then I encrypt the pass value from my login form before > using it in my search string like this:> > [search db=xxx.db&eqpassdatarq=[url][encrypt seed=xxx][pass]> [/encrypt][/url]]> > So why does the login fail?> > Sincerely,> Ken Grome[encrypt seed=] uses an algorithm that creates differentvalues for each use.. but can extract the starting valuesfrom the different encrypted values.This means however that what your search value is is not whatis stored in the database. You can use encrypt without theseed value I think.Alternatively, you could create a search that finds all recordsthat equal the username,then do a showif match after decrypting all the pass values.[search.. findall_usernames] [showif [url][decrypt seed=xxxx][unurl][db_value][/unurl][/decrypt][/url]=[url][pass][/url]] This is the right user. [/showif][/search]Donovan-- Donovan BrookeWebDNA Software Corporationhttp://www.webdna.us**[Square Bracket Utopia]**
Associated Messages, from the most recent to the oldest:
Kenneth Grome wrote:> I should be able to login when I encrypt a password with a > seed value in the database, right?> > I must be doing something wrong because I'm not able to > login. I encrypt the password like this when a new user > enters it into the register form:> > [append db=xxx.db]pass=
[url][encrypt seed=xxx][pass]> [/encrypt][/url][/append]> > And then I encrypt the pass value from my login form before > using it in my search string like this:> > [search db=xxx.db&eqpassdatarq=
[url][encrypt seed=xxx][pass]> [/encrypt][/url]]> > So why does the login fail?> > Sincerely,> Ken Grome[encrypt seed=] uses an algorithm that creates differentvalues for each use.. but can extract the starting valuesfrom the different encrypted values.This means however that what your search value is is not whatis stored in the database. You can use encrypt without theseed value I think.Alternatively, you could create a search that finds all recordsthat equal the username,then do a showif match after decrypting all the pass values.[search.. findall_usernames] [showif
[url][decrypt seed=xxxx]
[unurl][db_value][/unurl][/decrypt][/url]=
[url][pass][/url]] This is the right user. [/showif][/search]Donovan-- Donovan BrookeWebDNA Software Corporationhttp://www.webdna.us**[Square Bracket Utopia]**
Donovan Brooke
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
OT: JavaScript question (2001)
thankyou.tmpl (1997)
Upgrade probems (2000)
quotes and truncating? (1997)
Using Applescript to process WebCatalog functions (1998)
Preventng cacheing (2000)
More on the email templates (1997)
database size? (1997)
WebCat2b13MacPlugIn - More limits on [include] (1997)
[convertchars] limits (1998)
WebCatalog for guestbook ? (1997)
WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997)
Error Lob.db records error message not name (1997)
[searchString] (1997)
New 6.0 SiteBuilder templates (2004)
The USArea® Network web site ... (1997)
Forcing a NEWCART (1997)
WebCat vs MS SiteServer? (1999)
Re2: frames & carts (1997)
setting line item numbers (1998)