There are personal service need encrypt user's data only archived by his password which able to make database saved as secret data.It is meaningful I can make sure the software developer and manager can't get users data.
It's easy that I can choice a algorithm to let user's password as factor link it to the encrypted data.But how about user change his password? On the one hand, I can't save user's password straightly(password encrypted by md5 which is irreversible), on the other hand, I can't encrypt data again if password changed.
Does it able to do?Thanks
UPDATE
I hit by the situation when user forget his password.It seems my presupposition was unreality.>_<
Please consider it I haven't think of any idea.
Make the question fallback to "How to use encrypted data in database make sure only data owner can achieve it."
If not consider forget password, #samgak give a good idea at question comment.
And now, can I continue use users password as the key or find another way to deal with the new problem?
I want to show the password from database which is encrypted.
How to show envrypted password in admin dashboard page?
I have seen laravel documentation fo rehashing but i am not understanding it
Laravel hashes passwords, which is irreversible. You pretty much can't ever see a password once it's been hashed and stored in the database, and this is by design. It isn't encrypted, and thus, cannot be decrypted.
When someone signs in to the application, their password is HASHED, and then compared with the hash in the database. This is done so that a password can not be stolen from the database.
Now, I don't know your application or your circumstances, but I would consider it very bad practice to allow even an admin access to users' passwords (there shouldn't be a reason in the world they need to see those).
Here's a great video on the matter.
But if you REALLY still need this to happen, consider a making a custom authentication driver that at least uses encryption instead of hashing (but again, probably a bad idea). I found a few different tutorials with a quick google search.
Just need a little advice. I have a website based on CodeIgniter and using TankAuth and PHPass. I want to recode the website with another framework (Symfony 2).
Is there any way to allow user to log with their existing password or do I absolutely need to ask them to set a password again ?
Thank you very much :)
The best is to reset all the password and warn users through email or ask them to change the password with the new system.
Currently I am developing an application with 3 roles: 1 for customers, 1 for the company employees and another one for a Super Admin.
Is it a good practice to allow Super Admin users to see/edit the users' passwords through the UI? Or should it only be modified directly through the DB?
UPDATE: I am using asp.net membership provider and MySQL. Therefore, there is a table in the DB called my_aspnet_membership which stores two fields: Password and PasswordKey. The field PasswordKey seems to be the encrypted password. However, the Password field is stored in plain text. So, can anyone tell me why this is designed in this way if it is not a good practice? Thank you all for your responses!
UPDATE: For those who asked if it really stores the password in two different fields:
Your password should not be stored un encrypted inside your database and as such, shouldn't be visible to users of the UI nor the database.
As for whether it should be modifyable, sure.
In this case the password should be re-generated through user or administrator request. Again, this should be encrypted in the database. My preference would be to auto generate the new password for the user rather than have an administrator type it themselves.
Given this, the only way to change the password directly in the database would be to encrypt it first before insertion. It's quicker to do this through an UI that deals with the encrypting.
UPDATE
In answer to your update, you should specify in your web.config that the password format be hashed:
<providers>
<add [...]
passwordFormat="Hashed"
/>
</providers>
as outlined here:
http://msdn.microsoft.com/en-us/library/ff648345.aspx
There is never a reason to allow someone to see a password they do not own, under any circumstance.
Update for the OP Update: Of course I have no way to know why your DB was designed like this. Thinking optimistically, it contains the plain password so that if a user forgets their password it can be mailed to them -- a bad excuse, but an unfortunately common one. A better alternative is to have the system mail them a freshly generated temporary password -- one which works only to allow setting of a permanent password (and does not destroy the current password until the change occurs).
No user should be allowed to see the Plaintext password of any other user whatsoever. The password must be encrypted atleast if not hashed even in the database.
You MAY allow the super admin to change any user's password, but allowing him to see it in plaintext is taboo.
EDIT: Are you absolutely certain the password field stores the password in plaintext, while there exists another passwordkey field? Because, it sounds similar to a 'salt' mechanism to me. Where, the password is first encrypted with one key, and then re-encrypted with the passwordkey field.
EDIT 2: I am now almost absolutely certain that your database is using a salted password. Salted passwords are often used to increase the security level of the database. For more information on salt, check this.
You should always save passwords encrypted. Therefore you don't have any possibility to show the superadmin the password of another user.
You should never ever store password as is in any database. Always use a hash function to save the password.
You should save all passwords encrypted in DB.. Not in plaintext!!
I am merging a small group on sort of site with my joomla site. I already have members in my joomla site so I somehow want to migrate the users of joomla to groupon database which uses a different encryption scheme for password. Is there a way to do that?
You would have to have the unencrypted passwords to be able to use that. There is no conversion from one encryption scheme to another.