
Storing Passwords

  • 03-04-2007 7:22am
    #1
    Closed Accounts Posts: 44


    In the very early stages of designing a site and I'm just messing around with the login / register features.

    What are people's opinions on storing passwords? From a security point of view and a general usability point of view!

    Site will be just for general info (it's going to be student related) and I won't be storing any sensitive information, but still know the passwords should be encrypted.

    Is storing as MD5 the best solution? (I know this has its own problem as regards lost passwords etc.)

    Or is a two way encryption better? Haven't really had much luck finding a good 2 way encryption algorithm (if anybody knows one that'd be cool).


Comments

  • Registered Users, Registered Users 2 Posts: 8,028 ✭✭✭Trampas


    Some DBMS systems allow fields to be a password field, so all that appears in the database is **** for the characters.


  • Registered Users, Registered Users 2 Posts: 912 ✭✭✭chakotha


    I have found Blowfish straightforward to use.

    http://pear.php.net/package/Crypt_Blowfish

    or this looks faster to get going but I haven't tried it

    http://codewalkers.com/seecode/593.html


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    MD5 is fine but remember to seed the passwords so a straight MD5 lookup is useless.

    PHP example
    http://ie.php.net/manual/en/function.md5.php#56934


    As for the lost password problem, just use the "email back a message to verify a user is who they claim" method.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    I'd go with one way encryption. Public / Private key.

    Then when they enter the password to login you encrypt it and compare the encryptions.


  • Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    Store your users/passwords as database users with just the bare necessary rights on the database in question.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    NutJob wrote:
    MD5 is fine but remember to seed the passwords so a straight MD5 lookup is useless.

    PHP example
    http://ie.php.net/manual/en/function.md5.php#56934


    As for the lost password problem, just use the "email back a message to verify a user is who they claim" method.

    I would second this suggestion.
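
The seeding NutJob describes, as an added example that is not part of the thread or of the linked php.net comment: it shows why a per-user seed makes a precomputed MD5 lookup table miss. The passwords, word list and function names are constructed for illustration, and the last lines swap in PHP's built-in `password_hash()` (PHP 5.5 and later), a slow salted hash, in place of MD5.

```php
<?php
// Added example. Function names, passwords and the word list are constructed.

// Unseeded storage: the digest depends only on the password.
function store_plain_md5(string $password): string {
    return md5($password);
}

// Seeded storage: a random per-user seed (salt) is kept beside the digest
// of seed . password, so equal passwords no longer produce equal rows.
function store_seeded_md5(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

// Login check: recompute with the stored seed, compare in constant time.
function verify_seeded_md5(string $password, array $record): bool {
    return hash_equals($record['hash'], md5($record['salt'] . $password));
}

// A "straight MD5 lookup": digests computed once, reused against every row.
function build_lookup(array $words): array {
    $table = [];
    foreach ($words as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

$lookup = build_lookup(['letmein', 'student2007', 'password']);

// Two users with the same password: identical rows, and the table finds them.
$alice = store_plain_md5('student2007');
$bob   = store_plain_md5('student2007');
var_dump($alice === $bob, isset($lookup[$alice]));

// Same password, seeded: rows differ and the precomputed table misses both.
$carol = store_seeded_md5('student2007');
$dave  = store_seeded_md5('student2007');
var_dump($carol['hash'] === $dave['hash'], isset($lookup[$carol['hash']]));
var_dump(verify_seeded_md5('student2007', $carol), verify_seeded_md5('wrong', $carol));

// MD5 is fast, so a seed stops table lookups but not per-user guessing.
// password_hash() generates the salt itself and uses a deliberately slow hash.
$stored = password_hash('student2007', PASSWORD_DEFAULT);
var_dump(password_verify('student2007', $stored), password_verify('wrong', $stored));
```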

