Just out of curiosity, which is safer: storing hashed/encrypted passwords in a database or a txt file?
I've been looking into writing a flat file script. Alternatively, I was wondering if it would be safe to create a file called config.php, chmod it to 666 and from the control panel 'build' the file contents and write it to the config.php file -- or edit it manually.
Always, always DB! A txt file can be opened by anyone, then they can use a brute forcer like John the Ripper to break the password. ALWAYS USE DB!! Ha ha, a little too much there.
But it's the truth: always use DB. Then either encode in SHA or MD5 inside DB. That way it's safer.
But never store in TXT file! Anyone can open it, not safe at all.
__________________
"FORTRAN is not a language. It's a way of turning a multi-million dollar mainframe, into a $50 programmable scientific calculator."
█ █ http://www.microfastcat.com -- FastCat Software, the fastest software on the NET!
█ █ http://www.microthosting.com -- Free reseller web hosting, Hosting, VPS, FREE SMALL HOSTING!!!
█ █ http://www.microtronix-tech.com -- Web design and programming
Not only will it be more secure but it will be more efficient and more dynamic. If you stored it in a txt file you would have to iterate through every line until you found the specific user. With a DB it utilizes (generally) a binary search and will, in most cases, find it faster and with fewer resources.
Beyond that, security is huge. Even with storing in a database you should still hash the passwords to protect both your site and your users. I would recommend using the SHA-2 hashing function as things like SHA-1 and MD5 can be cracked.
__________________ Unless otherwise stated, any code posted is most likely untested and may contain syntax errors.
My posts, comments, code, and suggestions reflect only my personal views.
Web Portfolio and Code Snippets: http://shanechism.com
Beyond that, security is huge. Even with storing in a database you should still hash the passwords to protect both your site and your users. I would recommend using the SHA-2 hashing function as things like SHA-1 and MD5 can be cracked.
I agree, but FYI, all three of those can be cracked, even SHA-2 can be cracked. They are all one-way hash-based encryption routines, and even though they are a "one-way" (meaning they cannot be un-encrypted back to original) hash encryption, they can be brute forced using a comparison hacking program like Jack the Ripper or another such program. All can be hacked if you can get the encrypted version to compare against. "Quoted from Applied cryptography by Bruce Schneier"
So in short they are harder to crack but can still be cracked. But for better security do it the way we just stated man. Security is the key.
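The replies above make two points: hash passwords before storing them, and fast hashes such as MD5, SHA-1 and SHA-2 can still be brute forced by comparison once the stored values are exposed. As an added example (not code from any poster in this thread), the PHP below contrasts an unsalted SHA-256 digest with PHP's built-in `password_hash()` / `password_verify()`, which add a random per-password salt and a tunable work factor. The sample passwords, the cost values and the helper function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: two users who happen to pick the same password.
$samples = ['alice' => 'correct horse battery', 'bob' => 'correct horse battery'];

// Weak: a fast, unsalted digest. Equal passwords give equal digests, so one
// guess compared against a leaked table checks every user at once.
function weak_digest(string $password): string
{
    return hash('sha256', $password);
}

// Stronger: password_hash() generates a random salt per call and applies a
// deliberately slow algorithm (bcrypt here); cost is the work factor.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Login check. Returns [ok, replacementHash]; replacementHash is non-null when
// the stored hash uses older parameters and should be rewritten in the DB.
function check_login(string $password, string $stored): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $options = ['cost' => 12];
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return [true, $new];
}

$weak = array_map('weak_digest', $samples);
$strong = array_map('store_password', $samples);

printf("unsalted SHA-256 digests identical: %s\n", $weak['alice'] === $weak['bob'] ? 'yes' : 'no');
printf("password_hash() values identical:   %s\n", $strong['alice'] === $strong['bob'] ? 'yes' : 'no');

[$ok] = check_login('correct horse battery', $strong['alice']);
printf("correct password accepted: %s\n", $ok ? 'yes' : 'no');
[$bad] = check_login('wrong guess', $strong['alice']);
printf("wrong password accepted:   %s\n", $bad ? 'yes' : 'no');

// A hash created with a lower cost still verifies, and is flagged for upgrade.
$old = password_hash('correct horse battery', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok2, $upgraded] = check_login('correct horse battery', $old);
printf("old hash verified: %s, rehash issued: %s\n", $ok2 ? 'yes' : 'no', $upgraded !== null ? 'yes' : 'no');
```

The string returned by `password_hash()` embeds the algorithm, cost and salt, so it can be stored in a single database column and checked later without keeping the salt separately.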