Need help understanding proper use of AES_ENCRYPT and AES_DECRYPT to encrypt passwords
Posted on 2006-05-14
I'm new to this. In tblMembers I have the field "pwd" for password. A new member will be filling in a form on my webpage to join (I'm using Dreamweaver and ColdFusion for the website; MySQL for the database). I want to be sure that the passwords in my database are totally secure. I think I need to use AES_ENCRYPT and AES_DECRYPT to do this. But I don't quite get the concept of the "key". How do I specify it? Do I just put any old string into the function, like this?..
INSERT INTO pwd VALUES (1, AES_ENCRYPT(pwd,'MySecurePasswordKey')) ???
and then to retrieve the password later:
SELECT AES_DECRYPT(pwd,'MySecurePasswordKey') FROM .... (etc)
So I would use the same key for every password in my database?
Can anyone ever get to my code and read what the key is? How is it protected?
AND will I need to "order an SSL certificate" from my ISP in order to use these functions?