| Subject | Re: I want to store encrypted passwords in a VARCHAR(50) field |
|---|---|
| Author | red_october2009 |
| Post date | 2012-11-23T17:36:23Z |
Thanks for the quick replies everyone! Ok, I did some more reading and experimenting. Here for all, and for all time, is the simplest solution.
Environment:
Delphi 7, dbExpress, CryptoPressStream (cps), Firebird 2.5 (FB)
Problem: I need to store thousands of encrypted passwords using cps in a FB database. FB has no problem handling this data, but dbExpress, although it's a great product, has a couple limitations with transferring binary data not in a BLOB type zero field.
Solution:
In the FB table to store the passwords, create an ordinary varchar() field (don't specify a CHARACTER SET. Leave it as the default). Make it much wider than any password would be, just to allow for the password and overhead:
PWD VARCHAR(100);
In Delphi, create the fields in your TClientDataSet as you normally would, which brings the field in as a TStringField.
cdsMyTablePWD: TStringField;
TO ENCRYPT AND STORE:
In Delphi, using your TCPSManager (in this case named cpsCWP):
... Button OnClick Event ...
new_pwd := Copy(new_pwd, 1, 30);// I chop these at 30 to be safe
new_pwd := cpsCWP.CompressAnsiString(new_pwd);
new_pwd := cpsCWP.StringToFormat(new_pwd, cpsSfMIME64);
// Now we have an ordinary "safe", non-binary string in new_pwd
// Next, let's store it
with cdsCWP do
begin
Edit;
FieldByName('PWD').AsString := new_pwd;
Post;
ApplyUpdates(-1);
...
end;
TO FETCH AND DECRYPT:
// The following procedure decrypts the password and displays it in a label.
procedure TfrmMyForm.UpdatePwdLbl;
var s: String;
begin
if not cdsCWPPWD.IsNull then
begin
s := cdsCWPPWD.AsString;
s := cpsCWP.FormatToAnsiString(s, cpssfMIME64);
lblPwd.Caption := cpsCWP.DecompressAnsiString(s);
end;
end;
This method works because each product is handling something it is familiar with. Security is maintained even if some one breaks into your DB, they can't see everyone's password.
Environment:
Delphi 7, dbExpress, CryptoPressStream (cps), Firebird 2.5 (FB)
Problem: I need to store thousands of encrypted passwords using cps in a FB database. FB has no problem handling this data, but dbExpress, although it's a great product, has a couple limitations with transferring binary data not in a BLOB type zero field.
Solution:
In the FB table to store the passwords, create an ordinary varchar() field (don't specify a CHARACTER SET. Leave it as the default). Make it much wider than any password would be, just to allow for the password and overhead:
PWD VARCHAR(100);
In Delphi, create the fields in your TClientDataSet as you normally would, which brings the field in as a TStringField.
cdsMyTablePWD: TStringField;
TO ENCRYPT AND STORE:
In Delphi, using your TCPSManager (in this case named cpsCWP):
... Button OnClick Event ...
new_pwd := Copy(new_pwd, 1, 30);// I chop these at 30 to be safe
new_pwd := cpsCWP.CompressAnsiString(new_pwd);
new_pwd := cpsCWP.StringToFormat(new_pwd, cpsSfMIME64);
// Now we have an ordinary "safe", non-binary string in new_pwd
// Next, let's store it
with cdsCWP do
begin
Edit;
FieldByName('PWD').AsString := new_pwd;
Post;
ApplyUpdates(-1);
...
end;
TO FETCH AND DECRYPT:
// The following procedure decrypts the password and displays it in a label.
procedure TfrmMyForm.UpdatePwdLbl;
var s: String;
begin
if not cdsCWPPWD.IsNull then
begin
s := cdsCWPPWD.AsString;
s := cpsCWP.FormatToAnsiString(s, cpssfMIME64);
lblPwd.Caption := cpsCWP.DecompressAnsiString(s);
end;
end;
This method works because each product is handling something it is familiar with. Security is maintained even if some one breaks into your DB, they can't see everyone's password.