I created a database structure in which a user gets a public and a private key to access information. The public key is uploaded to the database and the private key is encrypted with the user's password so that he can access it. To implement a "Forgot my Password" in this structure, an email would have to be sent to the user, which provides the option to encrypt the private key with a new password. I thought about storing all private keys somewhere else, but that would compromise the entire security, because I don't want the private key or the password stored anywhere in the database. So the problem that I'm having now is that I don't have access to the private key without the original password, so how would I be able to let the user re-encrypt it with a new password?
Forgot my password for secure database
159 Views Asked by Mercury At
2
There are 2 best solutions below
You don't need the original password to add the option for the user to change the password. And it is very dangerous to create a way to recover the original password of the user. If I were you, I would use some hash algorithm, like SHA-256, and store the result as the password of the user.
Well, returning to the question, one way to accomplish this user password change is to create a UUID in your User table. When the user tries to change his password, you redirect him to a page with this UUID in the link. This UUID works as a temporary key that permits the user to change his password. For example:
Table: User
When the user wants to change the password, you send a link to his e-mail:
So, when the user enters the new password in the page and submits the information, you get this UUID and validate that it's really the UUID generated for the user. So, the password change can happen.
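
The UUID flow described in the answer above, as an added example that is not part of the original answer: it covers only the login-password reset and does not touch the encrypted private key from the question. The column names, `TOKEN_TTL`, the `example.invalid` URL and the use of salted PBKDF2 in place of plain SHA-256 are assumptions made for this sketch.

```python
import hashlib, hmac, os, sqlite3, time, uuid

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed value)

db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE User (
    email TEXT PRIMARY KEY, pw_salt BLOB, pw_hash BLOB,
    reset_hash TEXT, reset_expires REAL)""")

def _pw_hash(password, salt):
    # Salted PBKDF2 is swapped in here for the plain SHA-256 the answer mentions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _token_hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def register(email, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO User VALUES (?,?,?,NULL,NULL)",
               (email, salt, _pw_hash(password, salt)))

def request_reset(email, now=None):
    """Create a one-time UUID and return the link to e-mail to the user."""
    now = time.time() if now is None else now
    token = str(uuid.uuid4())  # uuid4 is drawn from os.urandom
    # Only the token's hash is stored, so a database leak reveals no usable link.
    db.execute("UPDATE User SET reset_hash=?, reset_expires=? WHERE email=?",
               (_token_hash(token), now + TOKEN_TTL, email))
    return f"https://example.invalid/reset?token={token}"  # placeholder URL

def complete_reset(token, new_password, now=None):
    """Validate the UUID from the link, set the password, and burn the token."""
    now = time.time() if now is None else now
    row = db.execute("SELECT email, reset_expires FROM User WHERE reset_hash=?",
                     (_token_hash(token),)).fetchone()
    if row is None or now > row[1]:
        return False  # unknown, already used, or expired token
    salt = os.urandom(16)
    db.execute("UPDATE User SET pw_salt=?, pw_hash=?, reset_hash=NULL, "
               "reset_expires=NULL WHERE email=?",
               (salt, _pw_hash(new_password, salt), row[0]))
    return True

def check_password(email, password):
    row = db.execute("SELECT pw_salt, pw_hash FROM User WHERE email=?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _pw_hash(password, row[0]))
```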