Re: [WebDNA] Encrypted password issue

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 103201
interpreted = N
texte = Kenneth Grome wrote: > I should be able to login when I encrypt a password with a > seed value in the database, right? > > I must be doing something wrong because I'm not able to > login. I encrypt the password like this when a new user > enters it into the register form: > > [append db=xxx.db]pass=[url][encrypt seed=xxx][pass] > [/encrypt][/url][/append] > > And then I encrypt the pass value from my login form before > using it in my search string like this: > > [search db=xxx.db&eqpassdatarq=[url][encrypt seed=xxx][pass] > [/encrypt][/url]] > > So why does the login fail? > > Sincerely, > Ken Grome [encrypt seed=] uses an algorithm that creates different values for each use.. but can extract the starting values from the different encrypted values. This means however that what your search value is is not what is stored in the database. You can use encrypt without the seed value I think. Alternatively, you could create a search that finds all records that equal the username, then do a showif match after decrypting all the pass values. [search.. findall_usernames] [showif [url][decrypt seed=xxxx][unurl][db_value][/unurl][/decrypt][/url]=[url][pass][/url]] This is the right user. [/showif] [/search] Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encrypted password issue (John Butler 2009)
  2. Re: [WebDNA] Encrypted password issue (Kenneth Grome 2009)
  3. Re: [WebDNA] Encrypted password issue (Bob Minor 2009)
  4. Re: [WebDNA] Encrypted password issue (Kenneth Grome 2009)
  5. Re: [WebDNA] Encrypted password issue (Donovan Brooke 2009)
  6. Re: [WebDNA] Encrypted password issue (Donovan Brooke 2009)
  7. [WebDNA] Encrypted password issue (Kenneth Grome 2009)
Kenneth Grome wrote: > I should be able to login when I encrypt a password with a > seed value in the database, right? > > I must be doing something wrong because I'm not able to > login. I encrypt the password like this when a new user > enters it into the register form: > > [append db=xxx.db]pass=[url][encrypt seed=xxx][pass] > [/encrypt][/url][/append] > > And then I encrypt the pass value from my login form before > using it in my search string like this: > > [search db=xxx.db&eqpassdatarq=[url][encrypt seed=xxx][pass] > [/encrypt][/url]] > > So why does the login fail? > > Sincerely, > Ken Grome [encrypt seed=] uses an algorithm that creates different values for each use.. but can extract the starting values from the different encrypted values. This means however that what your search value is is not what is stored in the database. You can use encrypt without the seed value I think. Alternatively, you could create a search that finds all records that equal the username, then do a showif match after decrypting all the pass values. [search.. findall_usernames] [showif [url][decrypt seed=xxxx][unurl][db_value][/unurl][/decrypt][/url]=[url][pass][/url]] This is the right user. [/showif] [/search] Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Redirect (2000) All choices on IE different than Netscape (1997) WebDNA color code chart - oops (2002) Cookie setting (2003) Summary: Webmerchant quitting (1998) can't find the pdf (1999) WebCat2.0 [format thousands .0f] no go (1997) [cart] clarification... (1997) Forms Search Questions (1997) Not really WebCat (1997) Storing dates (was: Ticket Ordering Question) (2003) File upload woes (1998) REVISED: Help needed: older WebCat app breaks under 4.0.1 (2000) NT b19 sends extra MIME headers (1997) [LOOKUP] (1997) searching numbers (1998) Emailer (1997) small job/demo setup (1999) return missing item (was:WebCat Sales) (1997) [OT] Theiving B*****ds (2004)