Password encryption

Hello,

I'm looking for some help on how to send encrypted password while logging into the database.

My users log into the database by first connecting to the internet and then launching an application preloaded on their PCs.This application doesn't contacts the database on port 80 or 443 but on some other port.The username/passoword can be in the database itself or in the OS.
I want the passwords travelling to authenticate should be encrypted.

How can i accomplish the task in this secnario?

Any help on this'd be appreciated.

Regards,

 

Are you sure that the password is not transmitted in an encrypted form?

If you can't use https (port 443) and if there's no encryption in the current application, then I think the only way to accomplish this is by using vpn's. This requires a vpn client on the end users' pc's and using a vpn enabled firewall. Microsoft pptp implementation might be sufficient.

 

Thanks for your reply.

VPN would add extra cost.If i can do something on OS level. Ihave got SUN OS and Win2K.

 

I need some more answers...

Do the users connect to the database through a firewall?
If not: why not and is this possible?

Is there an application server that connects to the database first? If so, is this application server hosted in a Demilitarized Zone?
If the client connects to the database directly: what other security measures have been taken in order to prevent breaches of security like hacking?

Again: does the application use password and session encryption by itself?

Vpn's can be arranged for free, it just requires an ipsec compliant implementation. Most linux'es offer this. Microsoft Windows PPTP is free too, it's in the package.