
Storing password in sql/phpmyadmin


pb1uk


Hi all,

 

I'm looking at how best to store user login details in a database. Currently I'm just working locally on my laptop using xampp (phpmyadmin). At the moment the password column is just a varchar field; when this goes online I assume this won't be safe. Is there a different method of storage, maybe a blob?

 

Thanks,

 

pb1uk


Using a varchar column type is fine. However, it's considered bad practice to store passwords in plain text in the database. For example, if the password is "password1" you would want to store an encrypted version rather than just "password1" so if anyone gets access to the database, they don't immediately have access to everyone's usernames/passwords.

 

There are a range of ways to encrypt passwords... I usually use MD5 plus a salt (a random couple of characters added to the end of the password to make it more random). For example:

 

$password = $_POST['password'];

$salt = "8dC_9Kl?";

$encrypted_password = md5($password . $salt);

 

The encrypted password would be stored in the database. Then, if you wanted to log the user in and compare what they entered against the database:

 

$db_password = ""; //get the password from the database

// strict comparison, so PHP does not type-juggle the two hash strings

if (md5($password . $salt) === $db_password)

{

// continue...

}

 

I cover this in my PHP login series.
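
Added example, not part of either post above: PHP's built-in password_hash() and password_verify() keep a per-password salted, slow hash in the same varchar column, and the legacy branch upgrades a row stored as md5($password . $salt) at the next successful login. The $users array, the function names and the sample passwords are assumptions standing in for a real users table.

```php
<?php
// Added example: $users is a constructed in-memory stand-in for the users table.
// A VARCHAR(255) password column is wide enough for either hash format.

const LEGACY_SALT = '8dC_9Kl?'; // the static salt from the post above

// Hash a new password: random salt per password, slow algorithm,
// with algorithm, cost and salt all embedded in the returned string.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt. Returns [bool $ok, ?string $newHash]; a non-null
// $newHash means the stored value should be replaced in the database.
function check_login(string $password, string $stored): array
{
    // password_get_info() reports an empty 'algo' for strings that are not
    // password_hash() output, such as a 32-character MD5 hex digest.
    if (empty(password_get_info($stored)['algo'])) {
        // Legacy row: md5($password . $salt), compared in constant time.
        $ok = hash_equals($stored, md5($password . LEGACY_SALT));
        return [$ok, $ok ? store_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PASSWORD_DEFAULT or its cost changed since the row was written.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? store_password($password) : null;
    return [true, $new];
}

// Constructed sample rows: one legacy MD5 row, one current row.
$users = [
    'alice' => md5('password1' . LEGACY_SALT),
    'bob'   => store_password('correct horse'),
];

$attempts = [['alice', 'password1'], ['alice', 'wrong'], ['bob', 'correct horse']];
foreach ($attempts as [$name, $attempt]) {
    [$ok, $newHash] = check_login($attempt, $users[$name]);
    if ($newHash !== null) {
        $users[$name] = $newHash; // real app: UPDATE the row via a prepared statement
    }
    printf("%s: %s%s\n", $name, $ok ? 'ok' : 'denied', $newHash ? ' (upgraded)' : '');
}
```

After the first successful login the legacy row no longer contains an MD5 digest, so the static salt can be retired once all active accounts have been upgraded.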
