PHP + MSSQL + password encryption

psuplat

All hail to the masterminds of php🙂 Newbi is asking for help🙂

Up until now I was creating pages based on php and mysql database, and was doing ok with it.

But now I have to develop system based on php and mssql database. I created the connection to the database, and can run queries on it, but I run into small problem.

The system will have user account with users belonging to different privalage groups. The problem I'm having is the storing of passwords in database.

On mysql when storing password I simply used PASSWORD() function and the password was being encrypted. Apparently mssql doesn't have such function. I did a quick search on the web but all i could find was hoto do encryption in asp.net.

Any ideas how to replace the password() function.

Thanks

bradgrafelman

First thing's first - the MySQL PASSWORD() function is a hashing function, so when you say "encryption" you should really say "one-way encryption" because otherwise most people tend to think about forms of encryption that can later be decrypted.

Second, there are many standard hashing algorithms out there, such as MD5, SHA1, SHA256, etc. For example, a quick Google search turned up the HashBytes function for MS SQL Server.

Finally, note that there is no reason that you need the SQL server to do the hashing for you; PHP is more than capable of doing this. In fact, I usually prefer to keep the hashing in the PHP code, so that it is not only database-independent, but in the event that the SQL server isn't on the same machine I don't want to have to worry about whether or not someone can capture the SQL traffic (in which the password is being sent in plain text).