Storing passwords in php 5
You have just created a system where a user needs to login with some type of username/password combo and you need to store the password.How do you safely go about doing this?
Software >> PHP Programming
Storing passwords in php 5
This topic is something that every php programmer will have to deal with at some point in their programming career. You have just created a system where a user needs to login with some type of username/password combo and you need to store the password (either in plaintext or in some type of database). How do you safely go about doing this? You could store it in plaintext, but this would be a bad idea. Anyone that has access to your server would also be able to get your passwords and the data that they are trying to protect.
A simple yet effective approach
In the past, sha1() or md5() would have been the most effective and secure way to encrypt your data, but recently it has been shown that these functions can be compromised and there is another set of more secure functions.
The function name is called hash(). Here is a list of it’s functionality/parameters:
string hash ( string algo, string data [, bool raw_output] )
Parameters
Algo: Name of selected hashing algorithm (i.e. “md5?, “sha256?, “haval160,4?, etc..)
Data: Message to be hashed.
Raw_Output: When set to TRUE, outputs raw binary data. Default value (FALSE) outputs lowercase hexits.
Returns: Returns a string containing the calculated message digest as lowercase hexits unless raw_output is set to true in which case the raw binary representation of the message digest is returned.
Using this function (note: this function is only available in php 5.1.2 and above)
common PHP security mistakes
You can use the following funcion: hash_algos() to get a list of system specific hashing algorithims that are supported by php.
(Inserting into your database/storing)
$password = hash(’sha256',$_POST[’password’);
-
Lastest Articles
10 principles of search engine friendly web design
Search engine friendly web design is web design that is planned around known search engine optimization principles. If ranking well in the search engines is important to you then the first step towards6 tips to improve results from your website
Make sure you know why you want a website and what you want your website to do for you. Write down some broad goalsCross Browser Compatibility
there are really only two types of browsers you need to consider. If you run a fairly standard website, these will probably account for 99% of your audienceHow to get the Web 2.0 Look and Feel
refers to the new wave of community driven websites, it is also increasingly used to describe the fresh and clean design approach they useRevealing Facebook Application XSS Holes
Beginning tomorrow, September 1st, I will begin posting full technical details of cross-site scripting vulnerabilities that I have discovered in Facebook applicationsFacebook Applications are Now Even More Valuable Hacking Targets
which I called a FAXX hack, enables one to not only post links to Facebook for viral effects but also harvest a wealth of information on victimized users along the wayNew Trick to View Hidden Facebook Photos and Tabs
Last December, I posted a bit of JavaScript known as a bookmarklet that allowed you to see photo albums for any Facebook user if the album privacy settings allowed itUsing Google Buzz Can Expose Your Gmail Address
In short, having a public Google profile (which you might have created when checking out Google Buzz) can allow others to figure out your Gmail addressGoogle Takes Small Steps for Buzz, Points to Big Solutions for Social Networking
Buzz, Google's controversial attempt to unseat Facebook as the most mainstream of social activity stream readers, just made some much-needed changes that Facebook could learn from as wellGet Satisfaction Turns Facebook Fan Pages into Customer Support Hubs
Get Satisfaction, the popular online customer service company, just announced that it is bringing its service to Facebook fan pages