I am updating a web system for a client, and his 'accounts' table has over 20,000 users, each with a password field of straight text, meaning none of the passwords are encrypted. (I know, scary!) Anyway, I need to know how to take ALL of these passwords and easily encrypt them, preferably in batch style, and import them back into the db. I couldn't find much in searches. I did see B-Crypt, but that looks to be used mostly for files. I'm pretty novice at this so ANY suggestions would be greatly appreciated! Thanks. :)
2 Answers
Here is one way to do this.
UPDATE table_Users
SET password = EncryptionFunctionYouChoose(password);
EDIT where "table_Users" is the table where your password is held and "password" is the column name for the password. END EDIT
Although a better idea would be to hash each password with an individual salt value rather than encrypting. (my opinion)
Comments
As far as I know, MySQL does not provide an in-built B-CRYPT function. Refer. If you just want to solve this issue by using MySQL queries, you can do something like:
update users set password = SHA2(password, 256);
But if you would like to use BCrypt, I guess you will have to do it at the app level.
There are always interesting discussions on storing passwords in a database. See this list.
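One way to do the app-level batch migration with an individual salt per user that the answers point to, as an added example that is not code from either answer. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt, an in-memory SQLite table in place of the client's MySQL database, and a hypothetical `password_hash` column; the sample rows are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

ALGO = "pbkdf2_sha256"  # stand-in for bcrypt; stdlib only

def hash_password(plain, iterations=600_000):  # iteration count is an assumed default
    """Return 'algo$iterations$salt_hex$digest_hex' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", plain.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"

def verify_password(plain, stored):
    """Recompute the digest from the stored salt; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        actual = hashlib.pbkdf2_hmac("sha256", plain.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
        return algo == ALGO and hmac.compare_digest(actual, bytes.fromhex(digest_hex))
    except (AttributeError, ValueError):
        return False

def migrate(conn, iterations=600_000, batch_size=500):
    """Hash remaining plaintext rows batch by batch; safe to re-run if interrupted."""
    cols = [row[1] for row in conn.execute("PRAGMA table_info(accounts)")]
    if "password_hash" not in cols:  # hypothetical new column
        conn.execute("ALTER TABLE accounts ADD COLUMN password_hash TEXT")
    migrated = 0
    while True:
        rows = conn.execute(
            "SELECT id, password FROM accounts "
            "WHERE password_hash IS NULL AND password IS NOT NULL LIMIT ?",
            (batch_size,)).fetchall()
        if not rows:
            return migrated
        with conn:  # one transaction per batch
            conn.executemany(
                "UPDATE accounts SET password_hash = ?, password = NULL WHERE id = ?",
                [(hash_password(pw, iterations), uid) for uid, pw in rows])
        migrated += len(rows)

def demo_db():
    """Constructed sample rows standing in for the client's 'accounts' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO accounts (password) VALUES (?)",
                     [("hunter2",), ("hunter2",), ("correct horse",)])
    conn.commit()
    return conn
```

The login path has to switch to `verify_password` in the same deployment as the migration, since the plaintext column is emptied as each batch commits.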