  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462

PERL CRYPT() Help

I use the following subroutine to encrypt a password, then another to store it in a database. I have not been able to figure out how to handle the login process for the user, i.e. the user places a username and password in a form and submits. How can my Perl script check the password for validity?

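sub encrypt_pass
   {
      # Plain-text password is passed as the argument, e.g. encrypt_pass($FORM{new_password})
      my $str = shift @_;
      my @salt_chars = ('a'..'z','A'..'Z','0'..'9');
      # rand(@salt_chars) keeps the index inside the 62-element array (rand(63) could overrun it)
      my $salt = $salt_chars[rand(@salt_chars)] . $salt_chars[rand(@salt_chars)];
      return crypt($str, $salt);
   }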
0
Bob-Villa
1 Solution
 
arantius Commented:
Hi Bob-Villa,
The basic secure process for handling password logins is this:
Retrieve plain text password from user, encrypt it, store in the database.
On future logins, retrieve encrypted password from database.  Encrypt supplied password, then check these two values.  If they are the same, the user provided the correct password.  And, the plaintext password is never saved, so if the database is compromised, your users' passwords are safe.

I hope this is helpful!
0
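The login check described in the answer above, as an added Perl example that is not code from anyone in this thread. It uses the same traditional two-character-salt crypt() as the question; the names hash_password, same_string and verify_password, and the %users hash standing in for the database table, are assumptions made for illustration.

```perl
use strict;
use warnings;

# Salt alphabet accepted by traditional crypt(): ./0-9A-Za-z (64 characters)
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Hash a new password with a fresh two-character salt (same scheme as the question).
sub hash_password {
    my ($plain) = @_;
    my $salt = join '', map { $SALT_CHARS[rand @SALT_CHARS] } 1 .. 2;
    my $hash = crypt($plain, $salt);
    die "crypt() does not support this salt format on this platform\n"
        unless defined $hash;
    return $hash;
}

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Re-hash the submitted password using the stored hash as the salt argument:
# crypt() reads the salt from the start of that string, so the result matches
# the stored value only if the password is the same.
sub verify_password {
    my ($submitted, $stored) = @_;
    return 0 unless defined $stored && length $stored;   # unknown user
    my $candidate = crypt($submitted, $stored);
    return 0 unless defined $candidate;
    return same_string($candidate, $stored);
}

# Constructed sample data: %users stands in for the database table.
my %users = (bob => hash_password('s3cret!'));

for my $attempt (['bob', 's3cret!'], ['bob', 'wrong'], ['alice', 's3cret!']) {
    my ($user, $pass) = @$attempt;
    my $ok = verify_password($pass, $users{$user});
    printf "%-5s / %-8s => %s\n", $user, $pass, $ok ? 'login ok' : 'login failed';
}
```

With a two-character salt, crypt() uses the traditional DES scheme, which only considers the first eight characters of the password. Where the platform's crypt() supports a stronger salt format, the verify step stays the same because the stored hash still carries its own salt.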
 
gruntar Commented:
If you're using MySQL then you should encrypt password on a database level...

INSERT INTO tablename VALUES('var 1','var 2', PASSWORD('var3') , 'var 4');

Then, when authenticating the user, you query like this:

SELECT * FROM tablename WHERE user='user' AND pass=PASSWORD('pas');

If the database returns a row, then the user is valid.

Cheers
0
 
Bob-Villa (Author) Commented:
Which method is better as far as encryption goes?
Perl crypt() the password then insert the crypted password into the MySQL field, or strictly using the MySQL password function?
0
 
gruntar Commented:
I would say database, less code and confusion. :)
Database encryption is "one way", so quite impossible to decrypt. And you don't need additional encryption.

Cheers
0
