Every once in awhile I will have a task that involves storing a password in the Drupal database, maybe so that a module can connect to a server or service. Unfortunately it is not secure to store sensitive information in the database unless it is encrypted. So tonight I wrote and released the Encrypt module
Drupal core does store passwords in the database: the user passwords. But this is one-way encryption, or creating a hash, meaning that once encrypted there is no built-in way to retrieve the data that was hashed. You can only compare hashes, hence why Drupal does not allow you to retrieve a lost password, simply it offers the ability to reset it.
Two-way encryption, or just encryption is the idea of taking a message, altering it so that it is unrecognizable usually with some sort of key, then sending it someone that also shares that key and can decrypt the code to get the original message. There are many methods of encryption, and it's hard to know what method is best.
Why do we need encryption? Well, let's take for instance the example above. I want the user to enter in their password for an FTP site so that I can get some files from it once a day. But, I don't want the user to have to come to the site and enter in their password every day to do this. Ideally I want to be able to store that password and retrieve it when I need it. This is where encryption comes in.
Unless otherwise noted, all content on this site is licensed under Creative Commons Attribution-Share Alike 3.0.
Please see the legal page regarding more in depth information on copyrights or other relevant laws.
