question about security of password and database

tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama

Post by tsg »

How insecure is it to not encrypt a password and save it in a database?

I have a login member system that saves the person's information to a database .. such as username, password, name, etc ... I am just saving the password to the database as is.

I have my database information out of the public directory (instead of in /home/me/public_html, I have my database.php in the /home/me folder).

When someone logs in, it checks the username and password against the database and instead of saving the username and password in a session, I just save a login=true in the session.

Is this secure? If not, why, and how could it be better?

If I encrypt the password, then I am faced with the issue of recovering forgotten passwords.

Thanks,
Tim
Derfel Cadarn
Forum Contributor
Posts: 193
Joined: Thu Jul 17, 2003 12:02 pm
Location: Berlin, Germany

Post by Derfel Cadarn »

There is a great script on Sitepoint about Managing Users with PHP Sessions and MySQL. I use it on my site too.

Not encrypting passwords is insecure, MySQL has the function PASSWORD to encrypt/decrypt it.

Forget about recovering lost passwords, try that famous question "What's your favourite drink?" to check someone's identity. You could combine it with an e-mail-confirmation....
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama

Post by tsg »

Thank you .. I will check it out.

Tim
Unipus
Forum Contributor
Posts: 409
Joined: Tue Aug 26, 2003 2:06 pm
Location: Los Angeles, CA

Post by Unipus »

Just hash the password and you've instantly increased your security by A LOT. Imagine if someone cracks your server and gets all your users' passwords... now imagine that a decent percent of those users are the kinds of people who use one password for EVERYTHING. You've got a problem. You might come from the school of thought that says these people are stupid and deserve anything that happens to them, but why bring the trouble on yourself.

A hash encrypts the password one-way, so even if someone got in your database, they'd have a hard time figuring out what the original passwords ever were.
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama

Post by tsg »

But from what I have read... PHP cannot recover the password, meaning if someone forgot it, then they are SOL other than allowing them to reset it.

I have not yet read the article Derfel posted a link to... perhaps that will answer some of my questions.

Thanks,
Tim
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden

Post by JAM »

tsg wrote: But from what I have read... PHP cannot recover the password, meaning if someone forgot it, then they are SOL other than allowing them to reset it.

I have not yet read the article Derfel posted a link to... perhaps that will answer some of my questions.

Thanks,
Tim
True, using something like MD5() to get the 32-bit non-reversible hash of something is an issue if someone later forgets the password.
Though, you can create a script that allows users to regenerate a new password, either something of their own or something random the server picks, mailing the result to the email stored for the user's account.

"Forgot your password? Click here..."
"An email has now been sent to the following address: user@example.com"
Mail reads: "To verify that you want to change the password, go to this page."
Users go to that page, a password is generated, updated in the db, echoed to the user.

Common example, try it on this board.
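The reset flow JAM describes, as an added example that is not code from this thread or from the Sitepoint article mentioned above. It differs from JAM's wording in one deliberate way: instead of generating a password and echoing it on the page, the linked page lets the user choose a new one, so no password is ever shown in a browser or stored anywhere except as a hash. The table and column names, the one-hour lifetime and the reset URL are assumptions; the database is in-memory SQLite and the mail() call is replaced by returning the link so it runs offline.

```php
<?php
// Added example, not from the thread: e-mailed reset link carrying a random,
// single-use, expiring token. Only the SHA-256 of the token is stored, so a
// database leak does not hand out live reset links. Needs PHP >= 7.0 (random_bytes).

declare(strict_types=1);

const RESET_TTL_SECONDS = 3600;   // assumption: links are valid for one hour

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE password_resets (
        token_hash TEXT PRIMARY KEY,
        member_id  INTEGER NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0
    )');
    return $db;
}

// Step 1: "Forgot your password? Click here...". Returns the raw token that
// goes into the e-mail, or null if the address is unknown. The page shows the
// same "An email has been sent" message either way, so the form cannot be
// used to find out which addresses have accounts.
function request_reset(PDO $db, string $email, int $now): ?string
{
    $stmt = $db->prepare('SELECT id FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG, not rand()/uniqid()
    $db->prepare('INSERT INTO password_resets (token_hash, member_id, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), (int) $id, $now + RESET_TTL_SECONDS]);
    // Real code: mail($email, 'Password reset', "Go to https://example.com/reset.php?t=$token");
    return $token;
}

// Step 2: the link is opened and the user submits a new password. Look the
// token up by its hash, reject it if unknown, expired or already used, store
// the new password hash and burn the token in one transaction.
function complete_reset(PDO $db, string $token, string $newPassword, int $now): bool
{
    $tokenHash = hash('sha256', $token);
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT member_id FROM password_resets WHERE token_hash = ? AND used = 0 AND expires_at > ?');
        $stmt->execute([$tokenHash, $now]);
        $memberId = $stmt->fetchColumn();
        if ($memberId === false) {
            $db->rollBack();
            return false;
        }
        $db->prepare('UPDATE members SET password_hash = ? WHERE id = ?')
           ->execute([password_hash($newPassword, PASSWORD_DEFAULT), (int) $memberId]);
        $db->prepare('UPDATE password_resets SET used = 1 WHERE token_hash = ?')
           ->execute([$tokenHash]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Demo with constructed data.
$db = open_db();
$db->prepare('INSERT INTO members (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.com', password_hash('old password', PASSWORD_DEFAULT)]);
$t0 = time();

check(request_reset($db, 'nobody@example.com', $t0) === null, 'unknown address sends nothing (but same page text)');
$token = request_reset($db, 'user@example.com', $t0);
check($token !== null, 'known address gets a token');
check(!complete_reset($db, 'x' . $token, 'pw', $t0), 'tampered token rejected');
check(!complete_reset($db, $token, 'pw', $t0 + RESET_TTL_SECONDS + 1), 'expired token rejected');
check(complete_reset($db, $token, 'new password', $t0 + 60), 'valid token accepted');
check(!complete_reset($db, $token, 'again', $t0 + 120), 'token is single use');
check(password_verify('new password', (string) $db->query('SELECT password_hash FROM members')->fetchColumn()), 'new password stored as a hash');
```

As Unipus notes below, anyone who controls the mailbox can use this flow, which is why the token is short-lived and single-use; it does not make up for a compromised e-mail account. Also keep the success response identical whether or not the address exists, and do not put the token in a GET link that other pages on the site can leak through the Referer header (a POST form on the landing page avoids that).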
Derfel Cadarn
Forum Contributor
Posts: 193
Joined: Thu Jul 17, 2003 12:02 pm
Location: Berlin, Germany

Post by Derfel Cadarn »

Good idea, JAM. The article I mentioned actually doesn't have a ready-to-use solution for this problem. I read in their forum this solution, which is rather much like your proposal.
I guess I should include it on my site someday. That is, when I get time after working my way through these forums.... 8)
Unipus
Forum Contributor
Posts: 409
Joined: Tue Aug 26, 2003 2:06 pm
Location: Los Angeles, CA

Post by Unipus »

Yes, just automagically re-generate the passwords and email them. That way you also retain a bit more security: unless the user's email account has also been compromised, if someone who isn't them tries to change an account password, they'll get an email about it and know something's up.

But then, there are situations where security isn't crucial.
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

I don't remember well if someone said this, but you can add a hash to the password and encrypt all of that; that will increase the security, but just don't let anybody know the hash ;)
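One-way hashed storage as Unipus describes, together with the per-password salt Cruzado_Mainfrm is getting at, as an added example that is not code from this thread or from the Sitepoint article. In 2003 the answer would have been md5(); this uses password_hash() and password_verify() (PHP >= 5.5; the ??= operator needs 7.4), which draw a fresh random salt per password and embed it in the stored string, so the salt does not need to be kept secret, only unique. It also shows the login check tsg described, keeping the password out of the session. The table and column names are assumptions, and the database is in-memory SQLite so it runs stand-alone.

```php
<?php
// Added example, not code from the thread: salted, one-way password storage
// and the login check that never stores the password anywhere.

declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

// Store only the hash. password_hash() picks a random salt for every call and
// embeds it in the result, so two members with the same password get
// different rows and a leaked table cannot be cracked with one precomputed
// md5()/sha1() lookup table the way unsalted hashes can.
function register_member(PDO $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);   // bcrypt at present
    $db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)')
       ->execute([$username, $hash]);
}

// Returns the member id on success, null otherwise. The plaintext password is
// handed only to password_verify() and is never stored or logged.
function login(PDO $db, string $username, string $password): ?int
{
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT id, password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Verify against a dummy hash so an unknown username costs the same
        // time as a wrong password; otherwise timing reveals which names exist.
        password_verify($password, $dummy);
        return null;
    }
    return password_verify($password, $row['password_hash']) ? (int) $row['id'] : null;
}

// What the login page does after login() succeeds (not called in the CLI demo):
// only the member id goes into the session, never the password, and the
// session id is rotated so an id an attacker planted before login is not
// promoted to a logged-in session.
function start_member_session(int $memberId): void
{
    session_regenerate_id(true);
    $_SESSION['member_id'] = $memberId;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Demo with constructed data.
$db = open_db();
register_member($db, 'tim', 'correct horse battery');
register_member($db, 'tom', 'correct horse battery');   // same password as tim

check(login($db, 'tim', 'correct horse battery') === 1, 'right password logs in');
check(login($db, 'tim', 'wrong password') === null, 'wrong password rejected');
check(login($db, 'nobody', 'anything') === null, 'unknown user rejected');

$hashes = $db->query('SELECT password_hash FROM members ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
check($hashes[0] !== $hashes[1], 'same password, different stored hash (per-row salt)');
check(strpos($hashes[0], 'correct horse') === false, 'plaintext never appears in the table');
```

The hash column should be wide enough for whatever PASSWORD_DEFAULT produces in future (the PHP manual suggests 255 characters), and the queries use prepared statements so the username field cannot be turned into SQL. Keeping database.php outside public_html, as tsg does, still matters: this protects the database credentials, while hashing protects the users if the table itself is ever copied.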