carlosmoreeira Posted February 25, 2014 Share Posted February 25, 2014 Hello I am trying to create a password storing application, but cannot figure out the best way to store account passwords. The application wont store just user passwords to login, but passwords for other accounts. For example Client wants to be able to store all their Facebook and twitter passwords on the site, then log in when they want to find it. I was going to make it so the admin needed repeat their password they used to login to the application to retrieve another password, all of this is no problem, its just encrypting the passwords and being able to "un-encrypt" it later so they can see it. Any help would be appreciated, the person doesn't really care if its secure, they just want me to store the strings in the Database to be retrieved later, but I want to make it secure. Thank you Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/ Share on other sites More sharing options...
.josh Posted February 25, 2014 Share Posted February 25, 2014 oh dear.. i wouldn't touch that liability with a 100ft pole.. there are plenty of "universal pw storage" programs out there that are on the client's computer, and that's where it should be. I guess the only "help" that statement offers is I'd strongly recommend you try your very hardest to push back on this or otherwise remove yourself from it.. cuz.. that is a huge liability. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470656 Share on other sites More sharing options...
requinix Posted February 25, 2014 Share Posted February 25, 2014 the person doesn't really care if its secureYour client is stupid. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470658 Share on other sites More sharing options...
carlosmoreeira Posted February 25, 2014 Author Share Posted February 25, 2014 oh dear.. i wouldn't touch that liability with a 100ft pole.. there are plenty of "universal pw storage" programs out there that are on the client's computer, and that's where it should be. I guess the only "help" that statement offers is I'd strongly recommend you try your very hardest to push back on this or otherwise remove yourself from it.. cuz.. that is a huge liability. I had a feeling someone would say that, as I am trying to push it back myself lol. I just wanted to see what were the best options. I don't want them to pay someone overseas and and have absolutely no security in it at all. I have told them its a huge risk, so the contract will protect me if anything happens. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470659 Share on other sites More sharing options...
carlosmoreeira Posted February 25, 2014 Author Share Posted February 25, 2014 Your client is stupid. If I only had a quarter for the amount of times I've said that to myself. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470660 Share on other sites More sharing options...
.josh Posted February 25, 2014 Share Posted February 25, 2014 I just wanted to see what were the best options. I don't want them to pay someone overseas and and have absolutely no security in it at all. I have told them its a huge risk, so the contract will protect me if anything happens. man.. again.. take it for what it's worth.. but I have a sneaking suspicion no amount of words in a contract will be bulletproof against the hordes of angry lawyers released on you by angry social media sites and other big name businesses if whatever you do is hacked. If it were me, I'd tell them hell no I'm not doing it, even if it cost me my job. I know that's a lot easier to say when I'm not in your position, but I just couldn't take that risk regardless. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470661 Share on other sites More sharing options...
.josh Posted February 25, 2014 Share Posted February 25, 2014 In any case, if you are somehow confident or are otherwise not deterred by any liabilities you may impose on yourself.. use password. If the server is not on php v5.5.0+ yet, there is an alternative. If you still don't meet the php v5.3 req for that, then.. I mean if you're really really confident in not being held liable..lol just md5 or sha1 it up. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470664 Share on other sites More sharing options...
.josh Posted February 25, 2014 Share Posted February 25, 2014 actually wait.. you said you need to be able to decrypt it to show plaintext version.. so mcrypt functions are as good as any.. This comment has an easy straight-forward class for it. I guess.. your funeral. Quote Link to comment https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/#findComment-1470666 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.