Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder dniwebdesign's Avatar
    Join Date
    Dec 2003
    Location
    Carrot River, Saskatchewan
    Posts
    846
    Thanks
    15
    Thanked 10 Times in 10 Posts

    Encrypted Passwords in MySQL

    I have a forums script on a website. (Inivsion Board to be exact). Of course all the passwords are encrypted but I would like it so I can take the encrypted password and decrypt it. My admin area of my board allows me to change the password but for some users I would like to be able to view the password so if something is going on that they can't view the board I can try logging in with their username and password and see where the board is going wrong so I can fix the problem.

    Is there any script that would do this?

    Also is there anyway you can make a script that doesn't use the encryption method (a chat room) use the same username and password as one that does (my forums)? Thanks
    Dawson Irvine
    CEO - DNI Web Design
    http://www.dniwebdesign.com

  • #2
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    The point of encrypting the password is so that nobody can decrypt it. So unless you plan on modifying InvisionBoards code and stop it from encrypting the passwords then you are pretty much out of luck.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #3
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Of course all the passwords are encrypted but I would like it so I can take the encrypted password and decrypt it.
    Depends on the used encryptionmethod.
    This is a bit academic maybe, but encrypion-methods are reversible (decryption). Hashing algoritmes are not reversable.
    For passwords, you normally use a hashing algoritme. I suppose Spookster thought along these lines.

    But if you realy use an encryptionmethod, then you can decrypt it again. For transfering text, you will normally use encryption (encrypted by the sender, decrypted by the receiver)

    for some users I would like to be able to view the password so if something is going on that they can't view the board I can try logging in with their username and password and see where the board is going wrong so I can fix the problem.
    The only extra security hashing passwords offers, is that noone with acces to the db can see an use them. That is all.
    So your willing to give that up for so what ? If you can log in with your regular username and pwd, then so should the client. There is nothing much more to say about that.

    Also is there anyway you can make a script that doesn't use the encryption method (a chat room) use the same username and password as one that does (my forums)?
    What's the point? The user wount notice it. And your chatroom-passwordversion will then compromise your forum-password.

  • #4
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Originally posted by raf
    I suppose Spookster thought along these lines.
    Of course. It would be pointless to encrypt something using a ready made function that has also has a ready made function that is publicly available to decrypt it.

    Encrypting the passwords adds another level of protection even if a hacker gets into the system. Also if anybody else has legitimate access to the server but you really don't want them looking at your users passwords then encrypting would alleviate that problem. So if you had a disgruntled ex-employee you wouldn't have to worry about them messing with your users accounts.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #5
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Only way you're gonna do it is by asking for their username and password. No point in making them details easy to obtain by anyone.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •