Mihai Secasiu
Does anyone here have any experience with encrypting users' personal data and storing it encrypted in the database (MySQL)? It has to be two-way because the user (once logged into the system) must be able to see it and change it. The encryption key should not be stored anywhere in the system.
I was thinking I could store the user's password encrypted (one way) and, after login, use the password that the user provides to encrypt/decrypt the sensitive data. But what do I do if the user forgets his password? - Mihai Secasiu
You can assign a random password and use it as your private key. However, isn't this method also keeping your key on the system? - Özkan Altuner
I think you should not display the password to the user even if he has logged in to the system. The user must be able to change it, but there is no need to see it. If the user forgot the password, that's his fault and you are not required to display it back; instead you should ask him to pick a new password. - Kamal Mettananda
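
The scheme from the question, sketched as an added example (not code from any poster in the thread), in Node.js because its standard library includes scrypt and AES-GCM. It goes slightly beyond the question: the password-derived key wraps a random data key instead of encrypting the data directly, so a password change only re-wraps that key. All function and field names are hypothetical.

```javascript
// Added example, not code from the thread; all function and field names are hypothetical.
const crypto = require('node:crypto');

// One scrypt call yields 64 bytes: the first 32 are stored to verify logins,
// the last 32 (the KEK) wrap the data key and are never stored.
function derive(password, salt) {
  const out = crypto.scryptSync(password, salt, 64);
  return { verifier: out.subarray(0, 32), kek: out.subarray(32) };
}
// AES-256-GCM; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
// Builds the columns that would go into MySQL; without the password they decrypt nothing.
function newCredentials(password, dataKey) {
  const salt = crypto.randomBytes(16);
  const { verifier, kek } = derive(password, salt);
  return { salt, verifier, wrappedKey: seal(kek, dataKey) };
}
function register(password, personalData) {
  const dataKey = crypto.randomBytes(32);
  return { ...newCredentials(password, dataKey), data: seal(dataKey, Buffer.from(personalData)) };
}
// Returns the data key (hold it in session memory only) or null on a bad password.
function login(row, password) {
  const { verifier, kek } = derive(password, row.salt);
  return crypto.timingSafeEqual(verifier, row.verifier) ? unseal(kek, row.wrappedKey) : null;
}
function readData(row, dataKey) { return unseal(dataKey, row.data).toString(); }
// Changing a known password re-wraps the data key; row.data is untouched.
function changePassword(row, oldPw, newPw) {
  const dataKey = login(row, oldPw);
  if (dataKey) Object.assign(row, newCredentials(newPw, dataKey));
  return dataKey !== null;
}
// Forgotten password: the old KEK cannot be rebuilt, so the old data is discarded
// and the user re-enters it under a fresh data key.
function resetForgottenPassword(row, newPw, reenteredData) {
  Object.assign(row, register(newPw, reenteredData));
}
```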