How do I protect the password stored in the database?
The best way would be to store a hash of the password, rather than the
password itself. Microsoft has a redistributable API[1] that you can use
to generate the hash. Below I have included a function that demonstrates
the use of this API in VBScript.

' Function: Hash
'   Generate a hash of a string value using the SHA1 algorithm.
'
' Arguments:
'   value - The text to process
'
' Returns:
'   A string containing the hexadecimal representation of the
'   hash value.
Function Hash(value)
    Dim data: Set data = CreateObject("CAPICOM.HashedData")
    data.Algorithm = 0 ' CAPICOM_HASH_ALGORITHM_SHA1
    data.Hash value
    Hash = data.Value
End Function

When the visitor creates his account, you would use a function such as
this to generate a hash of the password he provided, and store that in the
database. Later, when the user logs in to your site, you would again
generate a hash of the password he provides and compare it to the one you
stored previously.
Keep in mind that, regardless of the length of the password, the hash will
be 40 characters long. Your database schema will need to reflect this.
[1] Platform SDK Redistributable: CAPICOM
http://www.microsoft.com/downloads/...3a-a843-462f-abb5-ff88ea5896f6&DisplayLang=en
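
The store-at-signup, recompute-at-login flow described above, as an added example in Python; it is not part of the original post and does not use CAPICOM. It goes beyond the post's single SHA-1 pass by adding a per-user random salt, an iterated hash (PBKDF2) and a constant-time comparison; the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware
SALT_BYTES = 16       # assumed salt size


def sha1_hex(password: str) -> str:
    """Single unsalted SHA-1 pass: 40 hex characters for any input length.
    Identical passwords always produce identical values."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> str:
    """Build the string to store in the database when the account is created."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Hypothetical layout: scheme$iterations$salt$digest, fixed length for a fixed ITERATIONS
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash at login and compare it with the stored record."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    record = create_record(sample)
    print(len(sha1_hex(sample)), len(record))
    print(verify(sample, record), verify("wrong guess", record))
```

With these settings the stored record is 118 characters long whatever the password length, so the column can be sized to that.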