alicia1234 asked:

Need help understanding proper use of AES_ENCRYPT and AES_DECRYPT to encrypt passwords

I'm new to this. In tblMembers I have the field "pwd" for password. A new member will be filling in a form on my webpage to join (I'm using Dreamweaver and ColdFusion for the website; MySQL for the database). I want to be sure that the passwords in my database are totally secure. I think I need to use AES_ENCRYPT and AES_DECRYPT to do this. But I don't quite get the concept of the "key". How do I specify it? Do I just put any old string into the function, like this?..

INSERT INTO pwd VALUES (1, AES_ENCRYPT(pwd,'MySecurePasswordKey')) ???
and then to retrieve the password later:
SELECT AES_DECRYPT(pwd,'MySecurePasswordKey') FROM .... (etc)

So I would use the same key for every password in my database?
Can anyone ever get to my code and read what the key is? How is it protected?

AND will I need to "order an SSL certificate" from my ISP in order to use these functions?

Thanks.
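
An added example, not part of the original post or of the answer: the shared-key pattern from the question, run against a small table to show what one key for every row implies. tblMembers, pwd and the key string come from the question; member_id and all sample passwords are constructed.

```sql
-- Added illustration. member_id and the sample passwords are constructed.
CREATE TABLE tblMembers (
  member_id INT PRIMARY KEY,
  pwd       VARBINARY(64)          -- AES_ENCRYPT() returns a binary string
);

-- The pattern from the question: the same key string for every row.
INSERT INTO tblMembers (member_id, pwd) VALUES
  (1, AES_ENCRYPT('correct horse', 'MySecurePasswordKey')),
  (2, AES_ENCRYPT('correct horse', 'MySecurePasswordKey')),
  (3, AES_ENCRYPT('other secret',  'MySecurePasswordKey'));

-- With MySQL's default block_encryption_mode (aes-128-ecb) no IV is used,
-- so equal passwords under one key produce equal ciphertext. Members 1 and 2
-- show up as sharing a password without anyone decrypting anything.
SELECT HEX(pwd) AS stored_value, COUNT(*) AS members
FROM tblMembers
GROUP BY pwd
HAVING COUNT(*) > 1;

-- The key is a literal in the application's SQL, so it lives in the site's
-- source code and in any MySQL log the statement is written to. Whoever
-- holds it can reverse every stored password with a single query.
SELECT member_id,
       CAST(AES_DECRYPT(pwd, 'MySecurePasswordKey') AS CHAR) AS plaintext
FROM tblMembers;

-- A login check never needs AES_DECRYPT: encrypt the submitted value with
-- the same key and compare it to the stored bytes.
SELECT member_id
FROM tblMembers
WHERE member_id = 1
  AND pwd = AES_ENCRYPT('correct horse', 'MySecurePasswordKey');
```

The functions themselves do not need an SSL certificate, but without an encrypted connection the password and key arguments travel to the MySQL server in cleartext. For login checks the usual design stores a salted, slow one-way hash computed in the application instead of a reversible ciphertext, which leaves no key to protect.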
ASKER CERTIFIED SOLUTION
Kim Ryan
This solution is only available to members.
alicia1234 (ASKER)

Thank you!