Answer the question
In order to leave comments, you need to log in
M
M
Madiyar Lacroa2015-11-09 14:25:14
Madiyar Lacroa, 2015-11-09 14:25:14
What can be done about password generation?
During registration, they made me send SMS with a password to my site (and it is too complicated, for example: x2GhQ21pz such passwords)
I wanted the users to set the password themselves. But my audience is 35-44 (men) g.
But the programmers told me they want to do it, but if the base disappears, we are not to blame.
And base about 8000 users. What programs are there that can protect the site?
There is an SSL certificate. Which ones are used by ebay, facebook, amazon? We need the same
3 answer(s)
@Taraflex
Where will it disappear? How will it disappear? Make backups so you don't get lost.
The database should not contain any passwords.
http://getjump.me/en-php-the-right-way/#Hashing...
@KeyDoo
A
Alexander Taratin, 2015-11-09 @Taraflex
but if the base disappears, we are not to blame.
Where will it disappear? How will it disappear? Make backups so you don't get lost.
The database should not contain any passwords.
http://getjump.me/en-php-the-right-way/#Hashing...
K
KeyDoo, 2015-11-10 @KeyDoo
As far as I understand (and it wasn't easy), programmers believe that human-set passwords are generally simpler than machine-generated passwords. And there is.
If the user's password is brute-forced, only the user will suffer. An attacker who picks up a password will be able to use the functionality of the site with user rights (each user cannot download the entire database???).
Similar questions
A
I
E
N
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question