question about security of password and database
Posted: Wed Oct 01, 2003 10:55 am
by tsg
How insecure is it to not encrypt a password and save it in a database?
I have a login member system that saves the person's information to a database .. such as username, password, name, etc ... I am just saving the password to the database as is.
I have my database information out of the public directory (instead of in the /home/me/public_html .. I have my database.php in the /home/me folder).
When someone logs in, it checks the username and password against the database and instead of saving the username and password in a session, I just save a login=true in the session.
Is this secure? If not, why, and how could it be better?
If I encrypt the password, then I am faced with the issue of recovering forgotten passwords.
Thanks,
Tim
Posted: Wed Oct 01, 2003 11:14 am
by Derfel Cadarn
There is a great script on Sitepoint about Managing Users with PHP Sessions and MySQL. I use it on my site too.
Not encrypting passwords is insecure, MySQL has the function PASSWORD to encrypt/decrypt it.
Forget about recovering lost passwords, try that famous question "What's your favourite drink?" to check someone's identity. You could combine it with an e-mail-confirmation....
Posted: Wed Oct 01, 2003 5:59 pm
by tsg
Thank you .. I will check it out.
Tim
Posted: Wed Oct 01, 2003 6:08 pm
by Unipus
Just hash the password and you've instantly increased your security by A LOT. Imagine if someone cracks your server and gets all your users' passwords... now imagine that a decent percent of those users are the kinds of people who use one password for EVERYTHING. You've got a problem. You might come from the school of thought that says these people are stupid and deserve anything that happens to them, but why bring the trouble on yourself.
A hash encrypts the password one-way, so even if someone got in your database, they'd have a hard time figuring out what the original passwords ever were.
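The following is an added example, not code from the thread or from the Sitepoint script, showing what this post describes: store a one-way hash of the password and compare hashes at login. It uses PHP's password_hash()/password_verify() (PHP 7.1 or later is assumed; these functions did not exist in 2003), and an in-memory array stands in for the MySQL table.

```php
<?php
// Added example, not code from the thread. Stores a salted one-way hash
// instead of the plaintext password and compares at login time.
// Assumes PHP >= 7.1; $users stands in for the MySQL users table.

const HASH_OPTIONS = ['cost' => 12];   // bcrypt work factor; raise as hardware gets faster

function register(array &$users, string $username, string $password): void
{
    // password_hash() draws a random per-user salt and embeds it in the
    // returned string, so two users with the same password get different hashes.
    $users[$username] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
}

function login(array &$users, string $username, string $password): bool
{
    // Verify against a throwaway hash for unknown users so that a missing
    // username takes about as long as a wrong password (no username oracle).
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_BCRYPT, HASH_OPTIONS);
    $stored = $users[$username] ?? $dummy;

    if (!password_verify($password, $stored) || !isset($users[$username])) {
        return false;
    }
    // Transparently upgrade hashes made with an older cost when the user logs in.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return true;
}

// --- demo with constructed data ---
$users = [];
register($users, 'tim', 'hunter2');
register($users, 'bob', 'hunter2');

// Same password, different stored values: someone who dumps the table cannot
// tell that tim and bob share a password. With plain md5() the two rows
// would be identical, and the value could be looked up in a precomputed table.
var_dump($users['tim'] !== $users['bob']);
var_dump(md5('hunter2') === md5('hunter2'));

var_dump(login($users, 'tim', 'hunter2'));       // correct password
var_dump(login($users, 'tim', 'Hunter2'));       // wrong case
var_dump(login($users, 'nobody', 'hunter2'));    // unknown user, same timing
```

The stored string from password_hash() contains the algorithm, cost and salt, so nothing but that one column needs to change in the database schema; the application never needs a separate "secret" to check a login.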
Posted: Wed Oct 01, 2003 6:13 pm
by tsg
But from what I have read ... PHP cannot recover the password .. meaning if someone forgot it, then they are SOL other than allowing them to reset it.
I have not yet read the article Derfel posted a link to ... perhaps that will answer some of my questions.
Thanks,
Tim
Posted: Wed Oct 01, 2003 6:24 pm
by JAM
tsg wrote: But from what I have read ... PHP cannot recover the password .. meaning if someone forgot it, then they are SOL other than allowing them to reset it.
I have not yet read the article Derfel posted a link to ... perhaps that will answer some of my questions.
Thanks,
Tim
True, using something like, for example, MD5() to get the 32bit non-reversible value of something is an issue if someone later forgets the password.
Though, you can create a script that allows users to regenerate a new password, something of their own or something random the server picks, mailing the result to the email stored for the user's account.
"Forgot your password? Click here..."
"An email has now been sent to the following address: user@example.com"
Mail reads: "To verify that you want to change the password, go to this page."
Users go to that page, a password is generated, updated in the db, echoed to the user.
Common example, try it on this board.
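As an added example, not the board's own code, here is the "Forgot your password?" flow described above, with the details a practitioner would add: a random, single-use, expiring token that is stored only as a hash, and a reply that does not reveal whether the address exists. The in-memory arrays, the stub mailer, the reset URL and the function names are all assumptions; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Implements the emailed-link
// reset flow: request -> mail a token -> visit link -> new password.
// Assumptions: $users/$resets replace MySQL tables, sendMail() replaces mail(),
// https://example.com/reset.php is a placeholder for the real page.

const RESET_TTL = 3600;   // token lifetime in seconds

$outbox = [];             // captured mails, for the demo only

function sendMail(string $to, string $body): void
{
    global $outbox;
    $outbox[] = ['to' => $to, 'body' => $body];   // stub; the real site would call mail()
}

function requestReset(array $users, array &$resets, string $username): string
{
    if (isset($users[$username])) {
        $token = bin2hex(random_bytes(32));                  // 256 bits, unguessable
        $resets[hash('sha256', $token)] = [                 // store the hash, not the token
            'user'    => $username,
            'expires' => time() + RESET_TTL,
        ];
        sendMail($users[$username]['email'],
            "To verify that you want to change the password, go to this page:\n"
            . "https://example.com/reset.php?token=" . $token);
    }
    // Same message whether or not the account exists, so the form cannot be
    // used to enumerate usernames.
    return "If that account exists, an email has been sent to its address.";
}

function completeReset(array &$users, array &$resets, string $token): ?string
{
    $key = hash('sha256', $token);
    if (!isset($resets[$key])) {
        return null;                                         // unknown or already used
    }
    $entry = $resets[$key];
    unset($resets[$key]);                                    // single use, even if expired
    if ($entry['expires'] < time()) {
        return null;
    }
    // JAM's variant: the server picks a new password and shows it once.
    // Letting the user type their own on this page is the common alternative.
    $newPassword = bin2hex(random_bytes(8));
    $users[$entry['user']]['pw_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return $newPassword;
}

// --- demo with constructed data ---
$users  = ['tim' => ['email' => 'user@example.com', 'pw_hash' => null]];
$resets = [];
echo requestReset($users, $resets, 'tim'), "\n";
echo requestReset($users, $resets, 'nobody'), "\n";   // identical reply, no mail sent

// Simulate the user clicking the link in the captured mail.
preg_match('/token=([0-9a-f]+)/', end($outbox)['body'], $m);
$newPassword = completeReset($users, $resets, $m[1]);
echo "New password shown once to the user: $newPassword\n";
var_dump(password_verify($newPassword, $users['tim']['pw_hash']));

// A second visit with the same token fails: it was consumed on first use.
var_dump(completeReset($users, $resets, $m[1]) === null);
```

Storing only the SHA-256 of the token means a read of the reset table (the same kind of leak this thread worries about for passwords) does not hand an attacker usable links, and the short lifetime plus single use limits what a forwarded or logged URL is worth.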
Posted: Thu Oct 02, 2003 4:01 am
by Derfel Cadarn
Good idea, JAM. The article I mentioned actually doesn't have a ready-to-use solution for this problem. I read in their forum this solution, which is rather much like your proposal.
I guess I should include it on my site someday. That is, when I get time after working my way through these forums....

Posted: Thu Oct 02, 2003 2:34 pm
by Unipus
Yes, just automagically regenerate the passwords and email them. That way you also retain a bit more security: unless the user's email account has also been compromised, if someone tries to change an account password that isn't theirs, the owner will get an email about it and know something's up.
But then, there are situations where security isn't crucial.
Posted: Thu Oct 02, 2003 3:18 pm
by Cruzado_Mainfrm
I don't remember well if someone said this, but you can add a hash to the password and encrypt that all; that will increase the security, but just don't let anybody know the hash.
