Jemts has asked for the wisdom of the Perl Monks concerning the following question:
I was thinking of ways to take a password and when you save it encode it.
Are there any widely used advanced ways to do this safely?
Jemts
"If you're traveling in a time machine, and you're eating corn on the cob, I don't think it's going to affect things one way or the other. But here's the point I'm trying to make: Corn on the cob is good, isn't it."
Re: Encoding Password
by knobunc (Pilgrim) on May 11, 2001 at 00:51 UTC
It depends what you want to do.
Do you want to:
- Be able to get the exact text back later? e.g. to pass to a different program to authenticate the user.
- Be able to simply check that the password given matches the one previously given?
The two cases are different since in the first you have to have a reversible way of getting it out which is pretty much going to be unsafe no matter what. If you can do the second case you can use the crypt function to munge the password, store the munged version and then later munge the new password given and compare the two munged versions. That way you never need to store the cleartext version.
If that doesn't help, tell us what you are really trying to do and we will help.
-ben
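The second case from the reply above (store only the munged password, then re-munge and compare at login), as an added example that is not part of any post in this thread. The sub names, the sample passwords, the use of `/dev/urandom` and the `$6$` SHA-512 prefix (supported by glibc's crypt(3)) are assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters crypt() accepts in a salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Random salt of $len characters (256 % 64 == 0, so no modulo bias).
sub make_salt {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, $len);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    return join '', map { $SALT_CHARS[ord($_) % @SALT_CHARS] } split //, $bytes;
}

# Munge a new password; only the returned string is stored.
# Assumption: the system crypt(3) understands the "$6$" (SHA-512) prefix,
# as glibc does. A bare two-character salt would select traditional DES
# crypt, which ignores everything after the password's eighth character.
sub hash_password {
    my ($plain) = @_;
    my $hash = crypt($plain, '$6$' . make_salt(16) . '$');
    # Refuse to store anything weaker than what was asked for.
    die "crypt() does not support \$6\$ on this system\n"
        unless defined $hash && index($hash, '$6$') == 0;
    return $hash;
}

# Re-munge the candidate with the stored string as the salt argument
# (crypt reads the scheme and salt back out of it), then compare.
sub check_password {
    my ($candidate, $stored) = @_;
    my $again = crypt($candidate, $stored);
    return 0 unless defined $again && length($stored)
        && length($again) == length($stored);
    my $diff = 0;    # look at every byte instead of stopping at the first mismatch
    $diff |= ord(substr($again, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values, not taken from the thread.
my $stored = hash_password('correct horse battery');
print "stored: $stored\n";
for my $try ('correct horse battery', 'correct horse') {
    printf "%-24s %s\n", "'$try'", check_password($try, $stored) ? 'match' : 'no match';
}
```

The cleartext never reaches storage, and because each stored string carries its own random salt, two users with the same password get different stored values.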
Re: Encoding Password
by Sherlock (Deacon) on May 11, 2001 at 00:52 UTC
You can probably turn up a lot of information on this topic if you use Super Search. You can take a look here to get a nice tutorial of how to use encryption. That link came from this node and there are lots of others around here such as How do I decode encrypted password files? and A very simple userid/password check. Hopefully, some of these will have what you're looking for.
If you still can't find what you're looking for or are having trouble with a specific portion of the encryption, post what you're having trouble with and maybe I can be of more help. Hopefully, this will at least get you started.
Good luck,
- Sherlock
Skepticism is the source of knowledge as much as knowledge is the source of skepticism.
Re: Encoding Password
by thpfft (Chaplain) on May 11, 2001 at 01:33 UTC
You might want to try Apache::Htpasswd. It gives more or less transparent access to Apache authentication. Two possible drawbacks, though: it's very hard to force a logout without ending the browser session if you log in via Apache, and this falls into knobunc's second category, i.e. you can still check against the encrypted version but never get the plaintext version of the password back again.
Re: Encoding Password
by ZZamboni (Curate) on May 11, 2001 at 01:49 UTC