Sep 8th, 2017, 08:13 AM
#6
Re: what method is secure to insert and update into database ?
You never store a password in the database. You store a 1-way hash of the salted password, and the random salt. That way, if your database is ever compromised, the passwords cannot be recovered (except by brute force).
To save the salt+hash:
1) get the password from the user
2) create a random salt and combine it with the pw
3) perform the 1-way hash on the salted pw
4) store the salt and the hash in the database
To verify a password during login:
1) get the password from the user
2) combine it with the salt stored in the database
3) perform the 1-way hash on the salted pw
4) compare this result to the pw hash stored in the database
Last edited by DEXWERX; Sep 8th, 2017 at 11:27 AM.
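The save and verify steps from the post above, as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 as the 1-way hash and an in-memory SQLite table; the table, column and function names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; stored per row so it can be raised later

def open_db():
    # In-memory table for the demo; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB NOT NULL,"
               " iterations INTEGER NOT NULL, pw_hash BLOB NOT NULL)")
    return db

def hash_password(password, salt, iterations):
    # Step 3 of both lists: 1-way hash of the password combined with the salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def save_password(db, name, password):
    salt = os.urandom(16)  # step 2: fresh random salt for every user
    pw_hash = hash_password(password, salt, ITERATIONS)
    # Step 4: store only salt and hash, using bound parameters (no string concatenation).
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?, ?)",
               (name, salt, ITERATIONS, pw_hash))
    db.commit()

def verify_password(db, name, password):
    row = db.execute("SELECT salt, iterations, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        # Unknown user: do the same hashing work so response time does not reveal it.
        hash_password(password, b"\x00" * 16, ITERATIONS)
        return False
    salt, iterations, stored = row
    candidate = hash_password(password, salt, iterations)
    # Step 4 of verify: constant-time comparison against the stored hash.
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    db = open_db()
    save_password(db, "alice", "correct horse battery staple")  # constructed sample data
    print(verify_password(db, "alice", "correct horse battery staple"))
    print(verify_password(db, "alice", "wrong guess"))
```

Because each user gets a separate salt, two users with the same password end up with different stored hashes.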