Hi,
I want to keep the users of a web site in a database. The passwords must be encrypted. If the user logs in, the password he entered must be compared to the password that is stored in the database.
I haven't found an Oracle function to encrypt and decrypt passwords, so I guess I would have to do that in PHP.
What would be the best approach? As far as I know there are several possibilities but I just don't know which one is best.
Can someone maybe post some code here I could use?
Thanks,
Steff
Storing passwords in Oracle
kettle_drum wrote: With things like "forgot your password" where it emails you your password is very insecure as anybody could intercept it or read your mail, and with users generally using the same password for all things - it's a huge problem.
Forgetting password is insecure by definition

Tubbietoeter wrote: The passwords must be encrypted. If the user logs in, the password he entered must be compared to the password that is stored in the database.
md5 or sha1 is what you need.
PS: There were rumours that someone has found an md5 collision, not sure if it was true but anyway...
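An added example, not part of the thread: a login check only needs a one-way comparison, so nothing ever has to be decrypted. It uses PHP's built-in password_hash() and password_verify() (salted and deliberately slow) rather than a bare md5 or sha1 digest. The site_users table, its columns, the sample account and the in-memory SQLite handle standing in for Oracle are assumptions made so the script runs offline.

```php
<?php
// Added example: site_users and its columns are hypothetical names.
// SQLite in memory stands in for Oracle so the script runs offline;
// against Oracle, open the handle with a PDO "oci:" DSN instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hash strings can grow with future algorithms, so use a wide column.
$db->exec('CREATE TABLE site_users (username VARCHAR(64) PRIMARY KEY, pw_hash VARCHAR(255) NOT NULL)');
// Hash checked for unknown users so both paths cost about the same.
define('DUMMY_HASH', password_hash('constructed-placeholder', PASSWORD_DEFAULT));

function register_user(PDO $db, string $user, string $password): void
{
    // One-way hash; the random salt and the cost are embedded in the
    // returned string, so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO site_users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => $hash]);
}

function check_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM site_users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown user: verify against the dummy hash anyway so response
        // time does not reveal whether the account exists.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Re-hash on successful login when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE site_users SET pw_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $user]);
    }
    return true;
}

// Constructed sample account and passwords.
register_user($db, 'steff', 'correct horse battery staple');
var_dump(check_login($db, 'steff', 'correct horse battery staple'));
var_dump(check_login($db, 'steff', 'wrong password'));
var_dump(check_login($db, 'nobody', 'whatever'));
```

Because only the hash is stored, a "forgot your password" flow built on this table cannot mail the old password back; it has to issue a reset instead.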