CodeCharge Studio

Implementing Password Encryption


For improved security, many Web systems encrypt user passwords stored in a database. CodeCharge Studio supports the following types of user authentication:


An implementation of any of the supported password encryption methods consists of the following steps:

 

Choosing a desired password encryption method

You can use any password encryption method supported by your database or programming language, for example the MySQL PASSWORD function or the PHP md5() function. For the list of available encryption functions, please refer to your programming language or database documentation.
You can also use the two-way encryption function CCEncryptString (ASP, PHP, Perl) included in CodeCharge Studio, or any standard encryption function of another programming language, for example if you want to be able to decrypt passwords later or email them to end users.
If using PHP with MySQL, consider using the MD5 function, which is supported in a compatible way by both PHP and MySQL. This will make it easier to convert your application to a different database type or programming language, should you need to do so in the future.

Configuring password encryption support in CodeCharge Studio Project Settings

To configure the authentication (login) functionality to utilize encrypted passwords, navigate to Project Settings -> Security -> Advanced and configure the encrypted password validation settings. Refer to Advanced Security Settings for more information.

Creating user registration, user maintenance and password update forms that save encrypted passwords

After enabling the Password Encryption feature in the Advanced Security Settings, the Application Builder and Record Builder will display an additional password encryption option when creating new forms based on the default users table as shown below.

   

When this option is selected, the builder will create a form with all related functionality, including certain actions assigned to events.

You can also manually configure a pre-existing user registration or user maintenance form to support password encryption. To do so, use the Record Builder with the password encryption option turned on and analyze how the page and events are structured. Here are a few things to watch for:

 

Encrypting existing passwords in a database

If your database already contains plain text passwords, you can convert them to an encrypted format if you are using a Database Function method for encryption. The following sample SQL statement encrypts the user_pass field stored in the users table, using the MySQL PASSWORD function:
UPDATE users SET user_pass=PASSWORD(user_pass);
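
The following MySQL script is an added example, not part of the CodeCharge Studio documentation: it makes the conversion above safe to rerun and checks the result before committing. It uses MD5() (the function suggested above for PHP with MySQL) because PASSWORD() was removed in MySQL 8.0; the users_pass_backup table and pass_encrypted column are hypothetical names.

```sql
-- Added example; not from the CodeCharge Studio documentation.
-- users and user_pass come from the statement above; the names
-- users_pass_backup and pass_encrypted are hypothetical.

-- 1. Check the column width. MD5() returns 32 hex characters; a
--    narrower user_pass column would truncate or reject the value.
SELECT CHARACTER_MAXIMUM_LENGTH
  FROM information_schema.COLUMNS
 WHERE TABLE_SCHEMA = DATABASE()
   AND TABLE_NAME = 'users'
   AND COLUMN_NAME = 'user_pass';

-- 2. Keep a copy so a failed conversion can be undone by hand.
CREATE TABLE users_pass_backup AS SELECT * FROM users;

-- 3. Marker column recording which rows are already converted, so
--    rerunning the script never hashes a hash.
ALTER TABLE users
  ADD COLUMN pass_encrypted TINYINT(1) NOT NULL DEFAULT 0;

-- 4. Convert unconverted rows only. The DDL above commits
--    implicitly, so the transaction starts here (needs a
--    transactional engine such as InnoDB).
START TRANSACTION;
UPDATE users
   SET user_pass = MD5(user_pass),
       pass_encrypted = 1
 WHERE pass_encrypted = 0;

-- 5. Count converted rows that are not 32 hex characters.
SELECT COUNT(*) AS bad_rows
  FROM users
 WHERE pass_encrypted = 1
   AND user_pass NOT REGEXP '^[0-9a-f]{32}$';

-- COMMIT only if bad_rows is 0; otherwise issue ROLLBACK instead.
COMMIT;

-- 6. Rows the application inserts from now on already carry an
--    encrypted password, so they default to "converted".
ALTER TABLE users ALTER COLUMN pass_encrypted SET DEFAULT 1;

-- 7. The backup still holds every password in plain text. Drop it
--    once a test login through the application succeeds.
DROP TABLE users_pass_backup;
```

Unsalted MD5 is fast to compute and gives identical output for identical passwords, so leaked values can be tested at high speed. Where your programming language offers a salted, deliberately slow password hashing function, prefer it when choosing the encryption method in the first step.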

