Where and how to store user data, passwords, logins?

F

Farid2018-08-08 08:24:38

SQL

Farid, 2018-08-08 08:24:38

Good day.
Guys, please tell me where it is better to store user data - these are passwords, logins
. As I understand it, they should be collected in databases with MD5, for example, but where is it better to store this data so that they cannot be accessed?
upd: I asked the question incorrectly. The data is in the database, how to protect this very database and where to store it following the law 152-FZ on pers. data?
Thanks in advance!

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

A

Andy, 2018-08-08
@anvarli

Name, email, phone, password and more are stored in the database or in extreme cases in a regular .txt file.
Note! What the user enters in the password field (for example, 12345) is not recorded in the database. Create a hash of this password + salt. Read about salting passwords . At the output in your database, the password field should contain a hash (bdadb0330124cda0e8499c9cd118f7bd). If the user needs to log in, then you compare the hash that is obtained after entering the password with the one stored in your database.

R

Roman Kitaev, 2018-08-08
@deliro

Do not store passwords at all. Payment data - only if you created a phishing site.
Remain logins. You can keep them even in a notebook.

S

Sergey Ryzhkin, 2018-08-08
@Franciz

I will also express my opinion if you read, but did not understand the previous 4 different answers.
Logins - in the database
Passwords - nowhere

D

Dmitry Shitskov, 2018-08-08
@Zarom

Logins in the database
Passwords in sha256, at least - in the database
You are not allowed to store payment / card data until you follow the pci dss standard