Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Space2015-10-15 05:03:30
PHP
Space, 2015-10-15 05:03:30

How to store passwords correctly?

I enter through two fields Login and password. How to properly and securely store passwords in a database? md5+salt is still relevant or not? MySQL base.
If possible, then an example in php.
UPD:
I need to get a password from another language, before that I got a clean password by making a query to the DB, which is not secure. But if I will hash the password, for example, using password_hash() , then how can I get it in its purest form? Making a POST request somehow?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
DevMan, 2015-10-15
@ruslite

php.net/manual/ru/book.password.php
https://gist.github.com/nikic/3707231
habrahabr.ru/post/194972
store in the database as strings.

Report
T
test13r, 2015-10-15
@test13r

Ideally, neither the passwords themselves nor any key sequences need to be stored anywhere at all.
If possible, it is better not to store passwords in plain text.
And it is still acceptable to store not the password itself, but its one-way transformation (hash) with all sorts of payloads in the form of a "salt". The whole joke in this transformation is that there is no password itself. There is only some sequence of characters that cannot be converted back.
Thus, it all comes down to the fact that the password in its pure form was not transmitted over the network, but the results of the conversion were transmitted. As a result, when receiving on the server, for example, an authorization request, it is the converted follower that is checked. This is where the need for the action to recover clean passwords disappears.

Report
A
Alexander Kubintsev, 2015-10-15
@akubintsev

You should state your purpose.
If it boils down to authentication, then storing the hash is really enough.
If your service acts as a data provider and authentication is performed by a third-party service, then you need to perform encryption. And then it would be better to shift the focus of the question aside how to ensure maximum storage security :)

Similar questions
N
nickostyle2014-04-22 13:05:16
Is it possible to repost from social networks to the site? 9Reply
M
Marty McFly2018-11-12 19:00:41
Where is the best place to study web design from 0 in St. Petersburg? 6Reply
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
A
Anholle2019-09-09 11:37:42
How to set up a filter in the feedback form? 0Reply
S
student_it2015-04-19 11:49:55
How can I prevent the Referer from being sent when playing an audio file via the HTML Audio tag? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question