User Authentication Security
LucaUWF
Jul 1st, 2003, 06:30 AM
How secure is a php script that retrieves user login via php script and stores it in a MySQL DB? I'd have thought bar anyone gaining access to the DB, very... is this somewhat naive?
Why would I want to use encryption on the user's passwords, such as MD5? Would this be solely to provide my users with a sense of personal security from the script's host?
Just wanting some informed opinions. ;)
The Hobo
Jul 1st, 2003, 11:50 AM
The only reason I provide md5() in my applications where there are multiple users is so that admins cannot look in the database, find out the password, and then mess with their account.
Of course, if they knew a little PHP, then they could just replace the password with another hashed one...but if they know PHP, there's probably very little that can be done to prevent it.
LucaUWF
Jul 1st, 2003, 11:53 AM
That's what I figured. :S
So, the advantage of it is only to give the users of the forum some assurance that whatever passwords they use, can't be seen by others who may have access to the account details... or anyone that hacks into the account's data area.
Thanks
phpman
Jul 1st, 2003, 05:33 PM
no it isn't for the assurance of the users. they don't even know how it is stored unless it says in text somewhere.
it is very possible to hack a mysql database if the coding is not good, hence the reason to keep the passwords encrypted, not just for the admins.
LucaUWF
Jul 1st, 2003, 05:41 PM
no it isn't for the assurance of the users. they don't even know how it is stored unless it says in text somewhere.
Precisely. Which should be accepted as is from a trusted source... hopefully. :)
it is very possible to hack a mysql database if the coding is not good, hence the reason to keep the passwords encrypted, not just for the admins.
Which goes back to what I was saying before... I think.
-----------
So, the advantage of it is only to give the users of the forum some assurance that whatever passwords they use, can't be seen by others who may have access to the account details... or anyone that hacks into the account's data area.
-----------
As always, thanks guys.
phpman
Jul 1st, 2003, 05:50 PM
I think you missed something. the users of the forum have no idea the passwords are encrypted. the reason is they can't see in the database themselves.
the main reason we encrypt passwords is because we don't want our software hacked and then people wouldn't trust it and never buy it.
it is the makers of the forum, not the users.
not just forums but think about if we had credit card numbers (pretty stupid but it has been done) in the database and no encryption and somebody hacked the database. they would get all those cc #'s and the users' names and passwords. the users would be furious because the makers didn't encrypt the passwords. so it is up to the script makers to protect their investment. it isn't to reassure the users.
Brandito
Jul 27th, 2003, 10:26 PM
Sorry, but I skimmed what everyone else wrote.... so they might have already stated what I am about to say.
You should keep user name, password, database stuff all stored in a separate file so if you give out your code you don't have to worry about people seeing that information. (Stored in Variables)
Encryption is also a MUST!!! Why encrypt the login and password you ask? Because of Injection attacks. I can hack your site without knowing the password in most cases. By using encryption functions... you are safer. For more information you can read some papers I wrote on the subject at
www.jotdot.net/brandito/authentic (http://www.jotdot.net/brandito/authentic/site.php?myLink=8)
There are also some other ways to secure your logins... but you don't need to worry about them if you design your pages correctly. (by the way... cookie authentication is easy to hack)
hope that helps,
Brandito
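The two points made above, that a dumped table should not reveal anyone's password (phpman) and that the login query must not be built from user input (Brandito), can be shown together in one register/login flow. This is an added example, not code from the thread or from any poster; it uses an in-memory SQLite database through PDO as a stand-in for the MySQL table being discussed, and the function names are my own.

```php
<?php
// Added example (not from the thread): register and log in against a users table
// using per-user salted hashes and prepared statements. SQLite in memory stands in
// for the MySQL table discussed above (assumption); in a real deployment the DSN and
// credentials would come from a config file kept outside the web root, as Brandito
// suggests, e.g. require 'config.php'.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    return $db;
}

// Store only a salted, deliberately slow hash. password_hash() draws a fresh random
// salt on every call, so two users with the same password get different stored
// values, and someone who dumps the table has to attack each hash separately
// (unlike a bare md5(), which is unsalted and fast to brute-force).
function register(PDO $db, string $user, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => $hash]);
}

// Look the user up with a bound parameter: the submitted name travels as data, never
// as SQL text, so quotes or operators inside it cannot change what the query does.
function login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                       // unknown user
    }
    return password_verify($password, $row['pw_hash']);
}

$db = open_db();
register($db, 'alice',   'correct horse battery staple');
register($db, "o'brien", 'correct horse battery staple'); // same password, different hash

var_dump(login($db, 'alice',   'correct horse battery staple'));
var_dump(login($db, 'alice',   'wrong password'));
var_dump(login($db, "o'brien", 'correct horse battery staple')); // quote handled as data
```

Run it from the command line with `php example.php`; the first and third checks succeed and the second fails, and a `SELECT * FROM users` would show only bcrypt strings, never the submitted passwords.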
phpman
Jul 27th, 2003, 11:04 PM
Originally posted by Brandito
(by the way... cookie authentication is easy to hack)
hope that helps,
Brandito
and how do you figure that? can you give an example or something to back that statement up?
Brandito
Jul 27th, 2003, 11:09 PM
There are many reasons and examples why. But of course it is all on how you implement it and how secure your site is. If your site is poorly programmed... having cookie authentication will rape you every time.
example: phpbb was flawed by an html injection attack allowing everyone who went to a maliciously coded post to send their cookie authentication data to the "hacker". There are many other examples.
l8r,
Brandito
again... it is all based on your implementation
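The phpbb case Brandito describes is script injected into a post reading the session cookie. Two defences a forum can apply are to mark the session cookie HttpOnly (and Secure) so page script cannot read it, and to escape post bodies on output so injected markup is displayed rather than executed. This is an added example, not the thread's or phpbb's code; it assumes PHP 7.3 or later for the array form of session_set_cookie_params() and HTTPS for the Secure flag, and the function names are my own.

```php
<?php
// Added example (not from the thread): hardening the session cookie and escaping
// post output. Assumes PHP >= 7.3 and an HTTPS site; function names are my own.
declare(strict_types=1);

// Call before any output and before session_start().
function start_hardened_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // only ever sent over HTTPS
        'httponly' => true,     // not readable from document.cookie, so injected
                                // script cannot ship it off-site
        'samesite' => 'Lax',    // not attached to cross-site POST requests
    ]);
    ini_set('session.use_only_cookies', '1'); // ignore session ids passed in the URL
    session_start();
}

// Rotate the session id once the user has proven who they are, so an id that was
// captured or planted before login does not stay valid afterwards.
function mark_logged_in(string $username): void {
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

// Encode a post body for HTML output. '<', '>', '&', '"' and "'" become entities,
// so a post cannot close its element and open a <script> tag; nl2br runs after
// escaping so the <br /> tags it adds are the only markup left in the result.
function render_post(string $body): string {
    return '<div class="post">'
        . nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8'))
        . '</div>';
}

// Constructed sample: a post that tries to embed markup and quotes.
$sample = "Nice forum <script>/* injected */</script> & \"thanks\"\nsee you";
echo render_post($sample), PHP_EOL;
```

The sample post comes back with every tag and quote as an entity, so a browser renders it as literal text inside the post div; the session functions are only defined here, since calling them needs a web request.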
LucaUWF
Jul 28th, 2003, 02:35 AM
Thanks Brandito, that was an interesting read and has given me something else to think about. I'm going to try these sql injection attacks out on my site.
Hopefully it'll be ok as I've already considered malicious data entry as it seems to be covered in published PHP works too (to a small degree).
vbforums.com
Copyright Internet.com Inc., All Rights Reserved.