For improved security many Web systems encrypt user passwords stored in a
database. CodeCharge Studio supports the following types of user authentication:
An implementation of any of the supported password encryption methods consists
of the following steps:
You can utilize any password encryption method supported by your database or
programming language, for example MySQL PASSWORD function, or PHP md5()
function. For the list of available encryption functions please refer to your
programming language or database documentation.
You can also use two-way encryption function CCEncryptString (ASP,
PHP, Perl)
included in CodeCharge Studio or any standard encryption functions of other
programming languages, for example if you want to be able to decrypt passwords
later or email them to end-users.
If using PHP with MySQL, consider using the MD5 function which is supported in a
compatible way by both PHP and MySQL. This will make it easier to convert your
application to a different database type or programming language, should you
find a need to do so in the future.
To configure the authentication (login) functionality to utilize encrypted passwords, navigate to Project Settings -> Security -> Advanced and configure the encrypted password validation settings. Refer to Advanced Security Settings for more information.
After enabling the Password Encryption feature in the Advanced Security Settings , the Application Builder and Record Builder will display an additional password encryption option when creating new forms based on the default users table as shown below.
When this option is selected, the builder will create a form with all related functionality, including certain actions assigned to events.
You can also manually configure a pre-existing user registration or user maintenance form to support password encryption. To do so, use the Record Builder with the password encryption option turned on and analyze how the page and events are structured. Here are a few things to watch for:
If your database already contains plain text passwords you can convert them
to an encrypted format if you are using a Database Function method for
encryption. The following sample SQL statement encrypts the user_pass
field stored in the users table, using MySQL PASSWORD function:
UPDATE users SET user_pass=PASSWORD(user_pass);