Jump to content

Recommended Posts

Hello I am trying to create a password storing application, but cannot figure out the best way to store account passwords. 

 

The application wont store just user passwords to login, but passwords for other accounts. For example Client wants to be able to store all their Facebook and twitter passwords on the site, then log in when they want to find it. 

 

I was going to make it so the admin needed repeat their password they used to login to the application to retrieve another password, all of this is no problem, its just encrypting the passwords and being able to "un-encrypt" it later so they can see it. 

 

Any help would be appreciated, the person doesn't really care if its secure, they just want me to store the strings in the Database to be retrieved later, but I want to make it secure. 

 

Thank you

 

 

Link to comment
https://forums.phpfreaks.com/topic/286524-best-password-storingretrieval-method/
Share on other sites

oh dear.. i wouldn't touch that liability with a 100ft pole.. there are plenty of "universal pw storage" programs out there that are on the client's computer, and that's where it should be. I guess the only "help" that statement offers is I'd strongly recommend you try your very hardest to push back on this or otherwise remove yourself from it.. cuz.. that is a huge liability.

oh dear.. i wouldn't touch that liability with a 100ft pole.. there are plenty of "universal pw storage" programs out there that are on the client's computer, and that's where it should be. I guess the only "help" that statement offers is I'd strongly recommend you try your very hardest to push back on this or otherwise remove yourself from it.. cuz.. that is a huge liability.

 

I had a feeling someone would say that, as I am trying to push it back myself lol. 

 

I just wanted to see what were the best options. I don't want them to pay someone overseas and and have absolutely no security in it at all. I have told them its a huge risk, so the contract will protect me if anything happens. 

I just wanted to see what were the best options. I don't want them to pay someone overseas and and have absolutely no security in it at all. I have told them its a huge risk, so the contract will protect me if anything happens.

man.. again.. take it for what it's worth.. but I have a sneaking suspicion no amount of words in a contract will be bulletproof against the hordes of angry lawyers released on you by angry social media sites and other big name businesses if whatever you do is hacked. If it were me, I'd tell them hell no I'm not doing it, even if it cost me my job. I know that's a lot easier to say when I'm not in your position, but I just couldn't take that risk regardless.

In any case, if you are somehow confident or are otherwise not deterred by any liabilities you may impose on yourself.. use password. If the server is not on php v5.5.0+ yet, there is an alternative. If you still don't meet the php v5.3 req for that, then.. I mean if you're really really confident in not being held liable..lol just md5 or sha1 it up.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.