[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: securing a PHP - odbc - mysql site.
Quoting William Ahern (william@25thandClement.com):
> On Mon, Sep 08, 2003 at 08:21:43PM -0400, Michael Alaimo wrote:
> > Also what would the best way to set up a username and password field as
> > part of the sql
> > database?
> For one thing, never store the password in plain text, nor _encrypt_ it.
> Transform the passwords using a one-way hash such as SHA1. Then to check
> whether a password is valid, hash the supplied password and check it against
> the stored hash in the database. If they match, it'll be the same password.
> No other password will hash to the same value, and it's impossible (as
> impossible can be) to get the plaintext password from the hash.
Guys, this is a PHP or database thread.
There are 4 books or so JUSt on PHP and MySQL programming.
There are also many lists and news groups on this topic.