  1. #1
    SitePoint Member

    Password & database security question (PHP & MYSQL)

    I'm thinking of using md5 and/or sha1 and a salt to store passwords in an SQL database table. My question is: would it not be safer to store the salt "clear text" in another table and just leave a "key", so to speak, in the table with the password? In other words, if a hacker gets into the password and key table by using SQL injection, does he only have access to that table, since he wouldn't even know the name of the other table unless he was also able to access the script code?

  2. #2
    cranial-bore (SitePoint Wizard)
    I think you'll be complicating your DB design for very little security payoff. Just have a per-user salt and you'll be good to go. An attacker would have to compile a new dictionary for every user, which would be very time-consuming.
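
An added example, not part of the thread or any poster's code, of the per-user salt approach recommended in the reply above. It swaps md5/sha1 for PHP's built-in password_hash(), which draws a fresh random salt on every call and stores it inside the returned hash string, so salt and hash live in the same column. The users table, its column names, the sample accounts and the in-memory SQLite database (standing in for MySQL, needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example. Table name, column names and sample accounts are assumptions.
// SQLite in memory keeps the script offline; the same PDO calls work against MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $user, string $password): void
{
    // A new random salt is generated here for every user and embedded,
    // together with the algorithm and cost, in the string that gets stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown user
    }
    // password_verify() reads the salt back out of the stored string.
    return password_verify($password, $hash);
}

// Constructed sample data: two users who picked the same password.
register($db, 'alice', 'correct horse');
register($db, 'bob', 'correct horse');

$rows = $db->query('SELECT username, pw_hash FROM users')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

// Print both stored strings and whether they are identical.
print_r($rows);
var_dump($rows['alice'] === $rows['bob']);

// Check the right and a wrong password for one account.
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, 'alice', 'wrong guess'));
```

Because each row carries its own salt, a dictionary precomputed against one user's stored value cannot be reused against another's, which is the cost the reply describes.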

  3. #3
    felgall (Programming Since 1978)
    The main reason for hashing the passwords is to make absolutely certain that the staff actually working in the server room cannot just read off all your userids and passwords. Of course the staff working in that location ought to be able to be trusted, but hashing the passwords prevents them from seeing what the passwords are at all, even when they have a legitimate reason for needing to inspect your database content.
    Stephen J Chapman


