I want to create a script that will securely store passwords, to create a sort of... password database.
Basically, a user will have a list of passwords that they can either read, write, and share with other users on the script.
My question is, how can I store passwords in the database, that the script can't decrypt, unless a user is logged in with the credentials, so if a hacker got a hold of the database, and the script they couldn't reverse engineer it and decrypt the passwords that are stored in it.
I know that I can encrypt text easily based on a user's password, but the problem I keep running into is what happens when there's multiple users with different passwords all trying to decrypt it.
I'm not asking for someone to write this for me . Just asking how I can get around this problem.
Here's a simple version of the database that the script will have:
userID (Primary Key, Unique, Index)
userName (Text, user uses to login with)
userLoginPassword (Text, MD5 hash of the password the user logs in with. Not to be confused with the passwords table (Yes, I know MD5 is not secure... just for testing).)
permissionID (Primary Key, Unique, Index)
passwordID (ID of the password)
userID (ID of the user)
permissionLevel (Permission level a userID has for this passwordID, will be like 0-no access, 1-read only, 2-write, 3-share, etc)
passwordID (Primary Key, Unique, Index)
passwordText (The password that's being stored, and encrypted).
passwordComment (Just comments for the password).