hey there,
i’d like some opinions on how to securely store and read passwords on an sql database. right now i’m just storing the hash of the password using md5, then if i want to compare the passwords its just hashing the user’s input password and comparing it to the one stored on the db. any other methods?
chris
use either md5() or the crypt() function than store the crypted or md5() in the db. ( better to use mysql instead of sql ( sql not that secure if you really want to have the best )
than when checking the pass / user agains that crypted or md5 use something like this.
$query = "SELECT * FROM users WHERE uname='$username' AND passwd=MD5('$password')";
same for the crypt
if you mean MS SQL, mySQL is not as feature rich and powerful as MS SQL. You won’t find enterprise level companies using mySQL.
Security is only as good as the person administrating it. There is nothing wrong with MS SQL (other than it is owned by Microsoft 
).
Probably the weakest link is when the user connects to the server via the browser. The rest is happening server-side. If you have an SSL or shared SSL connection then use it for the login page.
MD5 provides good security. Of course, in theory it’s possible to decrypt an MD5 hash, but that’s strictly in theory (I think some dude found a collision a while ago, made Slashdot)
:: Copyright KIRUPA 2024 //--