Safest way to connect to a db

diabolo

I want to connect to my db that holds a lot of personal information, and I want a way to keep the passwords and username all safe... I know the way in PHP, it is safe... but people that really try to get can
 

mattura

A couple of simple security steps:

1) Do not store the actual passwords, but a hash of them, e.g. md5($password).
Then when logging in, you can hash the user input and compare the values.

2) Create 2 (or more) users in mysql, allow 1 of them only SELECT permissions, and use this user/password for the login script. Once logged in, the other user/password combo can be used (with other permissions).
 

diabolo

Are there any other encryption types? I have heard of "salt" having something to do with this...

Also, is there any way to un-md5 a hash?
 

MasterMax1313

As far as un-md5 hashing, the technical answer is yes, some crazy amazing professor over the summer wrote some high level paper on how it is possible to take the result of an md5 hash and get the original string (though I don't recall many of the details, I believe I saw it on Slashdot), but I would have to imagine the process isn't exactly easy. PHP has a number of encryption functions built in, so you could always peek into them and see which one fits you.

Btw, I believe that I heard that there is some kind of md6 hash in the works, but that's probably just some rumor I heard around the same time as I saw that article.

All in all, I'd say that md5 hash is going to be your safest way, along with the method proposed above with multiple user levels and restrictions.

Granted, there are articles on dangers of using md5 hash, but something that needs to be acknowledged is that there is no perfect security (at least not in my opinion), and that the best that can be done is to take as many steps as possible (and as reasonable for the information being protected) to protect the data.
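
The hash-and-compare login from step 1 and the "salt" question above, as an added example that is not part of any post in this thread. It assumes PHP 7.1 or later and uses PHP's built-in password_hash() / password_verify() for the salted hash; md5_store(), salted_store() and verify_and_upgrade() are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// Step 1 as posted: unsalted md5. The same password always gives the same
// hash, so one precomputed table can be matched against every stored row.
function md5_store(string $password): string
{
    return md5($password);
}

// Salted storage: password_hash() draws a fresh random salt on each call and
// embeds it, with the algorithm and cost, in the string that gets stored.
function salted_store(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Hypothetical helper: check a login against either kind of stored value and
// return [accepted, value to store], upgrading legacy md5 rows on success.
function verify_and_upgrade(string $input, string $stored): array
{
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy row: 32 hex characters from md5(); compare in constant time.
        $ok = hash_equals($stored, md5($input));
        return [$ok, $ok ? salted_store($input) : $stored];
    }
    $ok = password_verify($input, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = salted_store($input); // cost or algorithm default has changed
    }
    return [$ok, $stored];
}

// Constructed scenario: two accounts that happen to share one password.
$alice = 'correct horse battery';
$bob   = 'correct horse battery';

echo "md5 rows identical:    ";
var_dump(md5_store($alice) === md5_store($bob));
echo "salted rows identical: ";
var_dump(salted_store($alice) === salted_store($bob));

// A legacy md5 row is accepted once and replaced by a salted hash.
[$ok, $newRow] = verify_and_upgrade($alice, md5_store($alice));
echo "legacy login accepted: ";
var_dump($ok);
echo "row now salted:        ";
var_dump(password_verify($alice, $newRow));
```

The value returned by password_hash() can be up to 255 characters, so the column that holds it should be sized for that rather than for a 32-character md5 string.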
 