Database Encryption

Using SHA1() function is a pseudo-encryption. Although using it is perfectlyfine, it doesn't provide real encryption. It returns a representation of a value.

MySQL has several encryption and decryption functions. If you require data to be stored in an encrypted form that can be decrypted, you'll want to use AES_ENCRYPT() and AES_DECRYPT(). These two functions take two arguments: the string being encrypted or decrypted and a salt argument. The salt argument is a string that helps to randomize the encryption. The only trick is that the exact same salt must be used for both encryption and decryption.


Security | Introduction | Preventing Spam | Validating Data by Type | Preventing XSS Attacks | Preventing SQL Injection | Database Encryption
© 2008: Hann So
email: hso@voyager.deanza.edu