Password encryption

Discussion in 'other security issues & news' started by THE_CYBER_BOSS, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. THE_CYBER_BOSS

    THE_CYBER_BOSS Registered Member

    Joined:
    Sep 10, 2003
    Posts:
    2
    Hello,

    I'm looking for some help on how to send encrypted password while logging into the database.

    My users log into the database by first connecting to the internet and then launching an application preloaded on their PCs.This application doesn't contacts the database on port 80 or 443 but on some other port.The username/passoword can be in the database itself or in the OS.
    I want the passwords travelling to authenticate should be encrypted.

    How can i accomplish the task in this secnario?

    Any help on this'd be appreciated.

    Regards,
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Are you sure that the password is not transmitted in an encrypted form?

    If you can't use https (port 443) and if there's no encryption in the current application, then I think the only way to accomplish this is by using vpn's. This requires a vpn client on the end users' pc's and using a vpn enabled firewall. Microsoft pptp implementation might be sufficient.
     
  3. THE_CYBER_BOSS

    THE_CYBER_BOSS Registered Member

    Joined:
    Sep 10, 2003
    Posts:
    2
    Thanks for your reply.

    VPN would add extra cost.If i can do something on OS level. Ihave got SUN OS and Win2K.
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I need some more answers...

    Do the users connect to the database through a firewall?
    If not: why not and is this possible?

    Is there an application server that connects to the database first? If so, is this application server hosted in a Demilitarized Zone?
    If the client connects to the database directly: what other security measures have been taken in order to prevent breaches of security like hacking?

    Again: does the application use password and session encryption by itself?

    Vpn's can be arranged for free, it just requires an ipsec compliant implementation. Most linux'es offer this. Microsoft Windows PPTP is free too, it's in the package.
     
Loading...
Thread Status:
Not open for further replies.