jjk2 Posted May 28, 2008 Share Posted May 28, 2008 what is the safest way to encrypt/hash the datas on the mysql table why dont everyone decide to encrypt the information on tables, such as ip, username, password, and so on? if a hacker were to hack ing steal the table information, would he be able to read the contents of the mysql table data ? (all username, passwords are encrypted format so all he sees is 234jhl2k3as8979234) thank you! Quote Link to comment Share on other sites More sharing options...
Prismatic Posted May 28, 2008 Share Posted May 28, 2008 If one is able to get into your database you have more serious issues to consider then whether or not the data was encrypted or not as it's most likely your entire system was compromised. Focus on preventing attacks and exploits and the prospect of encrypting and hashing *all* the data becomes less and less desirable. You're looking at the situation in a, "well they got in, how can I limit the damage done?" sense, when you should be saying "How can I stop them from getting in?" Quote Link to comment Share on other sites More sharing options...
haku Posted May 28, 2008 Share Posted May 28, 2008 The problem with hashing the username and ip etc, is that hashing is a one-way road, and cannot be unhashed. So hashed information basically becomes inaccessible. This is desirable with passwords, as a properly secure site will never display the password anywhere. However, there are many circumstances where you will need to be able to see the username and IP and email addresses etc, so hashing them would be a bad idea. Quote Link to comment Share on other sites More sharing options...
jjk2 Posted May 28, 2008 Author Share Posted May 28, 2008 thank you haku, that was the explanation i was looking for. Quote Link to comment Share on other sites More sharing options...
jjk2 Posted May 28, 2008 Author Share Posted May 28, 2008 prismatic, i know what you mean. but my question was specific towards hashed data, as to whether a determined individual could decode it and extract passwords, and other sensitive informations in the db. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.