Monday, April 8, 2013

Mike Dalisay: Salt, Hash and Store Passwords Securely with Phpass


On Mike Dalisay's site there's a recent post showing how to use the Phpass tool to salt, hash and store password data in your application.



I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steals your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.


His sample application stores the user data in a MySQL database and does the salting+hashing at the time of the request. It uses a hard-coded salt and a value of 8 for the hashing/stretching. Screenshots of each page in the example application are also included.
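
Added example (not code from the linked post, which uses Phpass): it uses PHP's built-in `password_hash()` and `password_verify()` instead, to show what a per-password random salt and a stretching cost of 8 provide compared with one fixed salt and a single fast hash. It assumes PHP 7.1 or later; the salt string, the sample password and all function names are constructed for illustration.

```php
<?php
// Added example; every name and value below is constructed, not taken from the post.
const FIXED_SALT = 'constructed-site-wide-salt'; // hypothetical hard-coded salt
const COST = 8;                                  // bcrypt work factor (2^8 key-setup rounds)

// Pattern A: one fixed salt shared by every account, single fast hash.
// Equal passwords always map to equal hashes, and each guess is cheap to test.
function fixedSaltHash(string $password): string
{
    return hash('sha256', FIXED_SALT . $password);
}

// Pattern B: bcrypt draws a fresh random salt on every call and stores the
// salt and the cost inside the returned hash string.
function bcryptHash(string $password): string
{
    // bcrypt reads only the first 72 bytes; reject longer input rather than truncate silently.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('password longer than 72 bytes');
    }
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => COST]);
}

// Login check that also re-hashes when the stored cost is below $targetCost,
// so the work factor can be raised later without resetting passwords.
function verifyAndUpgrade(string $password, string $stored, int $targetCost): array
{
    if (!password_verify($password, $stored)) {
        return [false, $stored];
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
        $stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => $targetCost]);
    }
    return [true, $stored];
}

$pw = 'correct horse battery staple'; // constructed sample password

// Two accounts that happen to choose the same password, hashed both ways.
echo 'fixed salt, hashes equal: ';
var_dump(fixedSaltHash($pw) === fixedSaltHash($pw));
$a = bcryptHash($pw);
$b = bcryptHash($pw);
echo 'bcrypt, hashes equal: ';
var_dump($a === $b);
echo 'cost stored in hash: ', password_get_info($a)['options']['cost'], PHP_EOL;

// A successful login with a higher target cost returns an upgraded hash to store.
[$ok, $upgraded] = verifyAndUpgrade($pw, $a, 10);
echo 'login ok: ';
var_dump($ok);
echo 'cost after upgrade: ', password_get_info($upgraded)['options']['cost'], PHP_EOL;
```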


Link: http://www.codeofaninja.com/2013/03/php-hash-password.html#.UVziYKUm0sc.dzone
