
I am designing a web app where we need to take some credentials from users to access a few websites (Equifax, etc.).

I know that saving these credentials in plain text is a bad idea. But we need the back end team to get the password for the business process.

How can I retrieve the hashed password and display it as plain text?

If this doesn't work, then I guess I can use a PDF form to get the details, save the file as a blob in MySQL and download it when required. But I still know this is a risk if the database is stolen.

Let me know if there is a solution for this.

Thank you for reading this.

1 Answer

Yes, indeed, you would need to encrypt these passwords if you store them anywhere on your server (database, text file, RAM... anywhere). Now, the tricky part is that if your app can decrypt these passwords by itself, then anyone who breaks into your server will be able to do the same by reverse-engineering your code.

The only way to prevent that is to use an encryption key made of two separate components:
- a server key, stored in your app's code
- a user key that the back-end team will input in the app (upon login, for example)

E.g.:

$encryption_key = $server_key . $user_key;

$encrypted_password = your_encryption_function($encryption_key, $value_to_encrypt);
$decrypted_password = your_decryption_function($encryption_key, $value_to_decrypt);

The $user_key would then be input by your back-end staff member before they are able to decrypt/encrypt the passwords. That key would have to be shared across all back-end staff members.

Potentially, you could also salt each password to add a third component to the encryption key.

$encryption_key = $server_key . $user_key . $password_salt;
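The following is an added example, not code from the answer above, showing one concrete way to implement the server-key + user-key + per-record-salt idea in PHP. It assumes the bundled sodium extension (PHP 7.2+), and the function names, the hex server key and the sample passphrase are all constructed for the demo. Rather than concatenating the three components into the key directly, it feeds the server key and the staff-entered user key through a password KDF (Argon2id) keyed by the per-record salt, and uses authenticated encryption so that a wrong user key or a tampered record is detected instead of silently decrypting to garbage:

```php
<?php
// Added example (not the answer's code): derive the key from the server and user
// components with a proper KDF instead of string concatenation, then use
// authenticated encryption (libsodium, bundled with PHP since 7.2).
declare(strict_types=1);

// Assumption: the server key lives in configuration, never in the database.
// Constructed sample value; in practice load it from an environment variable.
const SERVER_KEY_HEX = '0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0';

function deriveKey(string $serverKey, string $userKey, string $salt): string
{
    // Bind both components to the per-record salt with Argon2id, so that
    // neither component alone (nor the stored ciphertext + salt) yields the key.
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $serverKey . "\0" . $userKey,   // separator avoids ambiguous concatenation
        $salt,                          // exactly SODIUM_CRYPTO_PWHASH_SALTBYTES long
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

function encryptCredential(string $plaintext, string $serverKey, string $userKey): array
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = deriveKey($serverKey, $userKey, $salt);
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
    sodium_memzero($key);
    // Salt and nonce are not secret; store them in the row next to the ciphertext.
    return ['salt' => $salt, 'nonce' => $nonce, 'ciphertext' => $ciphertext];
}

function decryptCredential(array $record, string $serverKey, string $userKey): ?string
{
    $key = deriveKey($serverKey, $userKey, $record['salt']);
    $plaintext = sodium_crypto_secretbox_open($record['ciphertext'], $record['nonce'], $key);
    sodium_memzero($key);
    // false means the key was wrong or the record was tampered with: authentication failed.
    return $plaintext === false ? null : $plaintext;
}

// --- demo with constructed values ---
$serverKey = sodium_hex2bin(SERVER_KEY_HEX);
$userKey   = 'staff-passphrase-entered-at-login'; // typed by staff at login, never stored

$record = encryptCredential('user-site-password', $serverKey, $userKey);

// What lands in MySQL (store salt, nonce and ciphertext as VARBINARY/BLOB, or base64-encode them):
echo base64_encode($record['salt']), ' ', base64_encode($record['nonce']), ' ',
     base64_encode($record['ciphertext']), PHP_EOL;

// Correct user key recovers the plaintext; a wrong one yields null rather than garbage.
var_dump(decryptCredential($record, $serverKey, $userKey));
var_dump(decryptCredential($record, $serverKey, 'wrong-passphrase'));
```

The point of the KDF is that the stolen database plus the server code is still not enough: the attacker must also guess the staff passphrase, and Argon2id makes each guess expensive. The trade-off the answer hints at applies here too: the user key exists only in the staff member's session memory, so if it is lost (or the shared passphrase is forgotten) the stored credentials are unrecoverable, and rotating it means re-encrypting every record.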

1 Comment

Thank you, Simon. I will look into this :)
