Posted on 2004-11-22
Last Modified: 2013-12-25
I use the following subroutine to encrypt a password, then another to store it in a database. I have not been able to figure out how to handle the login process for the user. i.e. the user places username and password in a form and submits. How can my perl script check the password for validity?

sub  encrypt_pass
      my $str=$FORM{new_password};
      my $str= shift @_;
      my @salt_chars         = ('a'..'z','A'..'Z','0'..'9');
      my $salt               = $salt_chars[rand(63)] . $salt_chars[rand(63)];
      return crypt($str, $salt);
Question by:Bob-Villa
    LVL 18

    Expert Comment

    Hi Bob-Villa,
    The basic secure process for handling password logins is this:
    Retrieve plain text password from user, encrypt it, store in the database.
    On future logins, retrieve encrypted password from database.  Encrypt supplied password, then check these two values.  If they are the same, the user provided the correct password.  And, the plaintext password is never saved, so if the database is compromised, your users passwords are safe.

    I hope this is helpful!
    LVL 9

    Accepted Solution

    If youre using MySQL then you should encrypt password on a database level...

    INSERT INTO tablename VALUES('var 1','var 2', PASSWORD('var3') , 'var 4');

    then when auth. user you query like this

    SELECT * FROM tablename WHERE user='user' AND pass=PASSWORD('pas');

    If database retun row, then user is valid.

    LVL 1

    Author Comment

    Which method is better as far as encryption goes?
    perl crypt() the password then insert the crypted password into mysql field or strictly using mysql password function?
    LVL 9

    Expert Comment

    I would say database, less code and confusion. :)
    Database encryption is "one way", so quite impossible to decrypt. And you don't need additional encryption.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Ever wondered how to display how many visitors you have online. In this tutorial I will show you an easy but effective way to display the number of online visitors in WhizBase. In this article I assume you have read my previous articles and know …
    Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
    Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
    Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now