Security « Steven Brown

Security

Password Storage Options

by Steven Brown on Apr.23, 2007, under Security

Whatever web language you are programming in (PHP, ASP, etc.) you will no doubt come across the need to implement an authentication or user login system at some point.

There is an obvious need to protect passwords in some way, otherwise discovering the password field, through SQL injection or other attack, would allow an attacker to login as another user.

So the password MD5 was born. On the surface this is relatively sound, hash the password using the MD5 algorithm. The original password can never be directly retrieved from the hash so even if someone does get access to view the password field, they do not actually know the password and cannot use it directly to login.
(continue reading…)

1 Comment more...

Welcome!
I'm a senior software engineer currently living in Australia. I co-authored a book titled Zend Framework in Action but at the moment I spend most of my time in Symfony 2 and jQuery. I currently work for a company called Boku.
Recent Posts
Browse by tags
bootstrap bootstrap css constraint css custom constraint custom validator debug forms mutateme php phpunit symfony symfony 2.0 twig unit testing validator Zend Framework zfdebug

Categories
- Business
- CSS
- Development
- Jaxer
- Performance
- PHP
- Red5
- Security
- Symfony
- Zend Framework

Meta
- Log in
- Valid XHTML

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Steven Brown

Security

Password Storage Options

Welcome!

Recent Posts

Browse by tags

Categories

Meta

Looking for something?

Blogroll

Archives