Salting Password Creation

(4 posts)

Tags:

Great offers for webmaster, blogger and web developer!

jbottero
Member

Hi, Olaf.

I would like to use SECRET_STRING as salt for the md5 of the password.

In other words, the password saved in the DB would be md5(password . SECRET_STRING).

So, I will need to modify functions register_user and login_user.

What else, do you think?

Posted 8 months ago #

Olaf
PHP Coder

Hi,

you mean you want to store the password string including the "salt" in your database.
The URL's used in email messages are using the a salted string as well. I'm afraid you need to change a lot...
Is your database not safe?

Posted 8 months ago #
jbottero
Member

My DB is safe, but *I'm paranoid* at the large number of MD5 databases available on the web and the potential for SQL injection cracking.

Do you think my fear is unfounded as far as it applies to the access_user_class?

Posted 8 months ago #
Olaf
PHP Coder

hmm... it depends on your application and how popular your website is. Maybe you can "optimize" the function to prevent more SQL injections? Limit the permissions for your database users.
Make your PHP configuration as safe as possible.

Posted 8 months ago #

Reply

You must log in to post.