  1. #1
    New Coder
    Join Date
    May 2009
    Location
    Pennsylvania, United States
    Posts
    54
    Thanks
    16
    Thanked 0 Times in 0 Posts

    Password storage

    Just out of curiosity, which is safer: storing hashed/encrypted passwords in a database or txt file?

    I've been looking into writing a flat file script, alternatively, I was wondering if it would be safe to create a file called config.php, chmod it to 666 and from the control panel 'build' the file contents and write it to the config.php file -- or edit it manually.

    Which way should I go with this?

  • #2
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,389
    Thanks
    8
    Thanked 1,077 Times in 1,068 Posts
    Use MySQL (database) ... not only the safest, but easiest too.

  • #3
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    Speaking from hard-learned experience - use a database. Had I done that when advised, I would be miles ahead of where I am now.

    bazz
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link

  • #4
    Regular Coder jfreak53's Avatar
    Join Date
    May 2004
    Location
    Guatemala
    Posts
    477
    Thanks
    19
    Thanked 10 Times in 10 Posts
    Always Always DB! Txt file can be opened by anyone then they can use a brute forcer like John the Ripper to break the password. ALWAYS USE DB!! ha ha a little too much there

    But it's the truth always use DB. Then either encode in SHA or MD5 inside DB. That way it's safer.

    But never store in TXT file! Anyone can open it, not safe at all.
    "FORTRAN is not a language. It's a way of turning a multi-million dollar mainframe, into a $50 programmable scientific calculator."
    http://www.microfastcat.com -- FastCat Software, the fastest software on the NET!
    http://www.microthosting.com -- Free reseller web hosting, Hosting, VPS, FREE SMALL HOSTING!!!
    http://www.microtronix-tech.com -- Web design and programming

  • #5
    Codeasaurus Rex
    Join Date
    Jun 2008
    Location
    Redmond, WA
    Posts
    659
    Thanks
    31
    Thanked 100 Times in 94 Posts
    Not only will it be more secure but it will be more efficient and more dynamic. If you stored it in a txt file you would have to iterate through every line until you found the specific user. With a DB it utilizes (generally) a binary search and will, in most cases, find it faster and with less resources.

    Beyond that security is huge. Even with storing in a database you should still hash the passwords to protect both your site and your users. I would recommend using the SHA-2 hashing function as things like SHA-1 and MD5 can be cracked.
    Unless otherwise stated, any code posted is most likely untested and may contain syntax errors.
    My posts, comments, code, and suggestions reflect only my personal views.
    Web Portfolio and Code Snippets: http://shanechism.com

  • #6
    Regular Coder jfreak53's Avatar
    Join Date
    May 2004
    Location
    Guatemala
    Posts
    477
    Thanks
    19
    Thanked 10 Times in 10 Posts
    Quote: Originally posted by ShaneC
    Beyond that security is huge. Even with storing in a database you should still hash the passwords to protect both your site and your users. I would recommend using the SHA-2 hashing function as things like SHA-1 and MD5 can be cracked.
    I agree, but FYI, all three of those can be cracked, even SHA-2 can be cracked. They are all one-way hash based encryption routines, and even though they are a "one-way" (meaning they cannot be un-encrypted back to original) hash encryption they can be brute forced using a comparison hacking program like Jack the Ripper or another such program. All can be hacked if you can get the encrypted version to compare against. "Quoted from Applied cryptography by Bruce Schneier"

    So in short they are harder to crack but can still be cracked. But for better security do it the way we just stated man. Security is the key.
    "FORTRAN is not a language. It's a way of turning a multi-million dollar mainframe, into a $50 programmable scientific calculator."
    http://www.microfastcat.com -- FastCat Software, the fastest software on the NET!
    http://www.microthosting.com -- Free reseller web hosting, Hosting, VPS, FREE SMALL HOSTING!!!
    http://www.microtronix-tech.com -- Web design and programming

  • #7
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Hashing along with salting, and making sure users enter strong passwords will be pretty secure.
    ||||If you are getting paid to do a job, don't ask for help on it!||||
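
The hashing-plus-salting approach discussed in this thread, as an added example that is not code from any poster: it contrasts an unsalted SHA-256 digest with PHP's built-in `password_hash()` / `password_verify()`, which generate a random salt per password and store it inside the hash string. The user names, passwords and the `$users` array (standing in for a database table) are constructed for illustration, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Unsalted fast hash, as in "encode in SHA or MD5": the same password always
// yields the same digest, so one guess can be compared against every stored row.
function unsalted_sha256(string $password): string
{
    return hash('sha256', $password);
}

// Salted, deliberately slow hash. password_hash() picks a fresh random salt on
// every call and embeds algorithm, cost and salt in the string it returns.
function register_user(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$users, string $name, string $password): bool
{
    // password_verify() re-derives the hash using the salt stored in the record
    // and compares the result in constant time.
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // After a successful login, upgrade the stored hash if PHP's default
    // algorithm or cost has changed since it was created.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who picked the same password.
$users = [];
register_user($users, 'alice', 'correct horse battery');
register_user($users, 'bob', 'correct horse battery');

// Unsalted digests of the shared password are identical to each other.
var_dump(unsalted_sha256('correct horse battery') === unsalted_sha256('correct horse battery'));
// The salted records differ even though the passwords are the same.
var_dump($users['alice'] === $users['bob']);
// Verification with the right password, then with a wrong guess.
var_dump(check_login($users, 'alice', 'correct horse battery'));
var_dump(check_login($users, 'alice', 'wrong guess'));
```

In a real application the string returned by `password_hash()` would be stored in a database column instead of the array.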

  • #8
    Banned
    Join Date
    Jun 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    hi friend

    If you want to store your passwords automatically, you can create a database for your passwords and all passwords will be stored automatically.

