  1. #1
    webchalkboard

    UK Data protection rules about storing passwords

    Thanks for the comments.
    Last edited by webchalkboard; Nov 26, 2007 at 14:28. Reason: I wanted to delete the post but there isn't an option I can see... Sorry

  2. #2
    Cronweb
    Encrypting the passwords is the least you should do, along with protecting your sites against SQL injection attacks.
    Last edited by Cronweb; Nov 25, 2007 at 11:18. Reason: a little less presumptuous this time around

  3. #3
    felgall
    If you don't encrypt the password, then when you have someone who uses the same password for everything (as many do), breaking into your database may allow someone access to passwords that give them access to bank accounts containing large sums of money, and you would be partly responsible for their loss.
    Stephen J Chapman


  4. #4
    Icheb
    First of all, md5 is HASHING, not encrypting something. And if you want to help someone who forgot his password, uhm, I don't know ... you send him a new one?!? Who cares about security when it's convenient to ignore it.

  5. #5
    You simply set up a 'forgot password' link that sends out a randomly generated password to them. It's no hassle for you as it's completely automated and for the user, it's pretty much standard practice these days, so nothing unusual for them.

    Your visitors should be safe in the knowledge that not only are hackers being stopped from seeing their password, but also the site owners - a hashing system will do this, plain text will not.
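
The scheme the replies above describe, as an added Python example that is not code from any poster in this thread: only a per-user salt and a slow hash are stored, login re-derives and compares, and "forgot password" replaces the record with a freshly generated password because the old one cannot be recovered. The function names, the in-memory `users` table, the sample accounts and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

users = {}  # constructed in-memory "users table": name -> (salt, iterations, digest)


def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def set_password(name, password):
    """Store only a random per-user salt and the derived digest, never the password."""
    salt = secrets.token_bytes(16)
    users[name] = (salt, ITERATIONS, _derive(password, salt, ITERATIONS))


def check_password(name, password):
    """Re-derive from the submitted password and compare in constant time."""
    if name not in users:
        return False
    salt, iterations, digest = users[name]
    return hmac.compare_digest(digest, _derive(password, salt, iterations))


def forgot_password(name):
    """The stored record cannot be reversed, so issue a new random password."""
    new_password = secrets.token_urlsafe(12)
    set_password(name, new_password)
    return new_password  # this value would be sent to the user's registered address


def unsalted_md5(password):
    """Weak scheme, for comparison: equal passwords always give equal digests."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    set_password("alice", "correct horse")  # constructed sample accounts
    set_password("bob", "correct horse")
    print("salted digests differ:", users["alice"][2] != users["bob"][2])
    print("md5 digests equal:", unsalted_md5("correct horse") == unsalted_md5("correct horse"))
    temp = forgot_password("alice")
    print("new password works:", check_password("alice", temp))
    print("old password works:", check_password("alice", "correct horse"))
```

With unsalted MD5, two users who share a password share a digest, so one cracked or looked-up value exposes both; the salted records differ even for identical passwords.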

