Jump to content

Storing passwords in a password protected db


Recommended Posts

Hey,

 

I was having some trouble in finding the logic in this: I have a login form (php) and a mySQL database storing the username and password.

Problem is that my database is also protected because logically you don't want username's and/or passwords to be public.

 

This means that when someone tries the login form, it is impossible to check if he has correct credentials because this would imply that the db password should be used also to grant access to the database.

 

How to overcome this issue?

Traditionally what used to be done was encrypt the passwords

here is the logic

 

when registering/changing the password is encrypted(say MD5 or SHA1) and stored to DB, when logging in the logged in password field is encrypted again and matched with the value in the DB. Since the encryption is one-way it was difficult to crack it.  Note : this is old and it can be cracked easily now-a-days. You are better of using rredefined password libraries used by wordpress, joomla..etc.

Thank you for your reply.

 

That was the method I had in my head to but it looks so unsafe to me. Is there any way to overcome this? A safer way only using php and mysql?

 

When I think about it I can't see any other way than the traditional one. Even with the use of Joomla, WordPress,... there still has to be a loginform and a database so doesn't that mean this also is the traditional way of doing things?

Edited by senca99

the database connection username/password is only known to your application code and the database and is only used to authenticate the connection between your application code and the database.

 

the database connection username/password has nothing to do with the visitor's username/passwords that your application stores in a database table and uses to authenticate the visitor.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.