Jump to content


Photo

Storing a *decryptable password

password

  • Please log in to reply
No replies to this topic

#1 Wybe

Wybe

    Jedi In Training

  • Members
  • PipPip
  • 401 posts
  • Gender:Male
  • Location:the Netherlands
  • Interests:I have no interests

Posted 06 February 2013 - 05:01 PM

Allright Pixel2Life community, I turn to you for this question.

I'm developing an application which among others can connect to various IMAP servers for sending and receiving emails. I want to save the connection data in a MySQL database, so that I can let users add their own IMAP server (effectively replacing their email login with their user login). To do this, I must save a host, username and password for each server.

My question is, how would I store the IMAP password in MySQL as securely as possible, but in a manner that I can (decrypt and) retrieve the password on the appropriate moment?

My best guess would be to encrypt the password with a hardcoded salt and decrypt it with the salt later. That way, if only the DB server was compromised the passwords would be relatively safe. But then, how would I apply the salt?

Thanks for thinking with me :)

Oh PS. I'm using PHP 5.3





Also tagged with one or more of these keywords: password

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users