How unsecure is it to not encrypt a password and save it in a database?
I have a login member system that saves the person's information to a database, such as username, password, name, etc. I am just saving the password to the database as is.
I have my database information outside the public directory (instead of in /home/me/public_html, I have my database.php in the /home/me folder).
When someone logs in, it checks the username and password against the database and instead of saving the username and password in a session, I just save a login=true in the session.
Is this secure? If not, why, and how could it be better?
If I encrypt the password, then I am faced with the issue of recovering forgotten passwords.
Thanks,
Tim
question about security of password and database
- Derfel Cadarn
- Forum Contributor
- Posts: 193
- Joined: Thu Jul 17, 2003 12:02 pm
- Location: Berlin, Germany
There is a great script on Sitepoint about Managing Users with PHP Sessions and MySQL. I use it on my site too.
Not encrypting passwords is insecure, MySQL has the function PASSWORD to encrypt/decrypt it.
Forget about recovering lost passwords; try that famous question "What's your favourite drink?" to check someone's identity. You could combine it with an e-mail confirmation....
Just hash the password and you've instantly increased your security by A LOT. Imagine if someone cracks your server and gets all your users' passwords... now imagine that a decent percentage of those users are the kinds of people who use one password for EVERYTHING. You've got a problem. You might come from the school of thought that says these people are stupid and deserve anything that happens to them, but why bring the trouble on yourself?
A hash encrypts the password one-way, so even if someone got in your database, they'd have a hard time figuring out what the original passwords ever were.
True, using something like MD5(), for example, to get the 32-bit non-reversible hash of something is an issue if someone later forgets the password.
tsg wrote:
But from what I have read ... PHP cannot recover the password, meaning if someone forgot it, then they are SOL other than allowing them to reset it.
I have not yet read the article Derfel posted a link to ... perhaps that will answer some of my questions.
Thanks,
Tim
Though, you can create a script that allows users to regenerate a new password, something of their own or something random the server picks, mailing the result to the e-mail address stored for the user's account.
"Forgot your password? Click here..."
"An email has now been sent to the following address: user@example.com"
Mail reads: "To verify that you want to change the password, go to this page."
Users go to that page, a password is generated, updated in the db, echoed to the user.
Common example, try it on this board.
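One way to build the hashing and reset flow JAM describes above, as an added example that is not code from this thread or from the Sitepoint article: it uses PHP's password_hash()/password_verify() (a modern replacement for the MD5() and MySQL PASSWORD() mentioned earlier) and a short-lived, single-use reset token rather than mailing a password. An in-memory SQLite database stands in for the poster's MySQL so it runs stand-alone; the table and user data are constructed for the demo.

```php
<?php
// Added example: hash on registration, verify at login, reset via a
// short-lived single-use token. In-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT,
    pw_hash TEXT, reset_hash TEXT, reset_expires INTEGER)');

function register(PDO $db, string $user, string $email, string $password): void {
    // password_hash() salts and hashes (bcrypt by default); plaintext is never stored.
    $st = $db->prepare('INSERT INTO users (username, email, pw_hash) VALUES (?, ?, ?)');
    $st->execute([$user, $email, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $user, string $password): bool {
    $st = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($password, $hash); // constant-time compare
}

function startReset(PDO $db, string $user): string {
    // 256-bit random token; only its hash is stored, so a DB leak cannot replay it.
    $token = bin2hex(random_bytes(32));
    $st = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE username = ?');
    $st->execute([hash('sha256', $token), time() + 3600, $user]);
    return $token; // the caller e-mails a link carrying this token to the stored address
}

function finishReset(PDO $db, string $user, string $token, string $newPassword): bool {
    $st = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || $row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false; // unknown user, no pending reset, expired, or wrong token
    }
    // Single use: the token is cleared in the same statement that sets the new hash.
    $st = $db->prepare('UPDATE users SET pw_hash = ?, reset_hash = NULL,
        reset_expires = NULL WHERE username = ?');
    $st->execute([password_hash($newPassword, PASSWORD_DEFAULT), $user]);
    return true;
}

// Constructed demo data
register($db, 'tim', 'tim@example.com', 'correct horse');
var_dump(login($db, 'tim', 'correct horse'));
$token = startReset($db, 'tim');
var_dump(finishReset($db, 'tim', $token, 'battery staple'));
var_dump(login($db, 'tim', 'correct horse'), login($db, 'tim', 'battery staple'));
```

Because only a hash of the token is stored and it expires after an hour, a copy of the database alone is not enough to take over an account through the reset path.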
- Derfel Cadarn
- Forum Contributor
- Posts: 193
- Joined: Thu Jul 17, 2003 12:02 pm
- Location: Berlin, Germany
Good idea, JAM. The article I mentioned actually doesn't have a ready-to-use solution for this problem. I read this solution in their forum, which is rather much like your proposal.
I guess I should include it on my site someday. That is, when I get time after working my way through these forums....
Yes, just automagically re-generate the passwords and email them. That way you also retain a bit more security... unless the user's email account has also been compromised, if someone tries to change an account password that isn't them, they'll get an email about it and know something's up.
But then, there are situations where security isn't crucial.
- Cruzado_Mainfrm
- Forum Contributor
- Posts: 346
- Joined: Sun Jun 15, 2003 11:22 pm
- Location: Miami, FL