
Re: securing a PHP - odbc - mysql site.



Quoting William Ahern (william@25thandClement.com):
> On Mon, Sep 08, 2003 at 08:21:43PM -0400, Michael Alaimo wrote:
> > Also what would be the best way to set up a username and password field as
> > part of the SQL database?
> 
> For one thing, never store the password in plain text, nor _encrypt_ it.
> Transform the passwords using a one-way hash such as SHA1. Then to check
> whether a password is valid, hash the supplied password and check it against
> the stored hash in the database. If they match, it'll be the same password.
> No other password will hash to the same value, and it's impossible (as
> impossible can be) to get the plaintext password from the hash.

Guys, this is a PHP or database thread.

There are 4 books or so JUST on PHP and MySQL programming.

There are also many lists and news groups on this topic.
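
The hash-and-compare check described in the quoted message, as an added PHP example that is not part of the original thread. It swaps the bare SHA1 named there for PHP's salted password_hash()/password_verify() and upgrades an existing SHA1 row at login; the $users array, the function names and the credentials are assumptions standing in for the database table.

```php
<?php
// Added example, not code from the thread. $users stands in for the SQL
// table (hypothetical columns: username, pw_hash); all values are constructed.
$users = [];

// Store only a one-way hash. password_hash() generates a random salt and
// encodes the algorithm, cost and salt into the returned string.
function register(array &$users, string $name, string $password): void {
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Check a login by hashing the supplied password and comparing it with the
// stored value; the plaintext is never stored or recovered.
function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    // Legacy row: 40 hex characters of unsalted SHA1, as in the quoted advice.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        // Correct password: replace the legacy hash with a salted one.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'alice', 'correct horse');   // constructed credentials
$users['bob'] = sha1('hunter2');              // constructed legacy SHA1 row

var_dump(login($users, 'alice', 'correct horse'));
var_dump(login($users, 'alice', 'wrong'));
var_dump(login($users, 'bob', 'hunter2'));
var_dump(strlen($users['bob']) === 40);       // is bob's row still legacy SHA1?
```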