 |
|
| |
zeroCode now offers the ability to treat the content of designated database columns as being one-way encrypted, and to ensure that all modification to these columns is in encrypted form. |
|
|
One-way transformations |
|
A one-way transformation is a function that applies to a string, and produces another transformed string. The qualifier "one-way" indicates that the original string might not, in general, be recoverable from the transformed string. Examples of one-way transformations include: |
|
|
|
 |
Changing the string to all lower-case. |
|
|
Applying a hash function. |
|
|
Removing the parentheses and dashes in a US telephone number and reducing it to a 10-digit string. |
|
One-way encryption is similar to hashing, in that it produces an encoded string from which the original string cannot be recovered. It is therefore well-suited for maintaining password information in a database. The idea is similar to the one used on Unix systems, where users' passwords are subjected to one-way encryption before being stored in a file. |
|
|
|
Using password encryption in
zeroCode applications |
|
Also, when a new site is created, zDE now shows a 'store encrypted passwords' checkbox. Checking this box has two consequences. One is that the database column for the password is associated with the 'one-way encryption' transformation. The second is that the site's homePage UDM includes an extra node for encrypting the user-submitted password before checking it against the database. Thus the homePage UDM's structure depends on whether or not the site's passwords are encrypted. Therefore, if you remove password encryption from an existing site (by removing the association with the password column), or add password encryption to a site that does not currently support it, you must rebuild the site's homePage UDM. |
|
|
|
In summary, when password encryption is needed, the following cases are possible: |
|
|
|
|
Creating a new site with a new database.
This is the easiest to deal with: Simply check the 'Store encrypted passwords' check box. This will create the necessary homePage structure and the association for the password column. |
|
|
Creating a new site with an existing database. In this case, in addition to the above step, you will need to encrypt the existing data in the password column of the database. A small utility (encryptDatabaseColumn) is available for this purpose. Note, however, that this utility must be run just once: if run more than once, it will re-encrypt the encrypted data, thus rendering it unusable. |
|
|
Enabling encryption in an existing database. In this case, you must do three things: first, associate the encryption transformation with the password column, via the site options page; second, rebuild the home page UDM; and finally, encrypt the existing data in the password column in the database. |
|
|
|
|
